Vulnerabilities > IBM > Cloud PAK FOR Automation > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-18 | CVE-2021-29872 | Improper Encoding or Escaping of Output vulnerability in IBM Cloud PAK for Automation IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
| 2021-12-21 | CVE-2021-38966 | Cross-site Scripting vulnerability in IBM Cloud PAK for Automation and Workflow Process Service IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. | 5.4 |
| 2021-06-28 | CVE-2021-29775 | Cross-site Scripting vulnerability in IBM products IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. | 5.4 |
| 2021-02-08 | CVE-2021-20359 | Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3 IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. | 6.5 |
| 2021-02-08 | CVE-2021-20358 | Cleartext Storage of Sensitive Information vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3 IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. | 6.5 |
| 2020-04-02 | CVE-2020-4325 | Improper Resource Shutdown or Release vulnerability in IBM products The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. | 6.5 |