Vulnerabilities > IBM > Cloud PAK FOR Automation > 20.0.2

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-01-18 | CVE-2021-29872 | Improper Encoding or Escaping of Output vulnerability in IBM Cloud Pak for Automation | IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | network | low | ibm | CWE-116 | 5.4 |
| 2021-03-30 | CVE-2021-20482 | XXE vulnerability in IBM Cloud Pak for Automation 20.0.2/20.0.3 | IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low | ibm | CWE-611 | 7.1 |
| 2021-02-08 | CVE-2021-20359 | Information Exposure Through Log Files vulnerability in IBM Cloud Pak for Automation 20.0.2/20.0.3 | IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. | network | low | ibm | CWE-532 | 6.5 |
| 2021-02-08 | CVE-2021-20358 | Cleartext Storage of Sensitive Information vulnerability in IBM Cloud Pak for Automation 20.0.2/20.0.3 | IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. | network | low | ibm | CWE-312 | 6.5 |