CVE-2024-52365

Published Feb 5, 2025

Last updated 23 days ago

CVSS medium 6.4

Overview

Description
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source
psirt@us.ibm.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
6.4
Impact score
2.7
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

psirt@us.ibm.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2024-52365 Stored Cross-Site Scripting Vulnerability in IBM Cloud Pak for Bu... https://t.co/l1yxIJF3Nt Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    5 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References