Vulnerabilities > IBM > Cloud PAK FOR Business Automation > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-08 CVE-2024-31897 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm
4.3
4.3
2024-07-08 CVE-2024-37528 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm
5.4
5.4
2024-03-31 CVE-2023-50959 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account.
network
low complexity
ibm
6.5
6.5
2024-02-29 CVE-2023-38367 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token.
network
low complexity
ibm
6.5
6.5
2024-02-04 CVE-2023-50947 Unspecified vulnerability in IBM products
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm
5.4
5.4
2023-12-18 CVE-2023-40691 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users.
network
low complexity
ibm
4.9
4.9
2023-06-27 CVE-2023-32339 Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation
IBM Business Automation Workflow is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2023-02-27 CVE-2023-22860 Unspecified vulnerability in IBM Cloud PAK for Business Automation
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting.
network
low complexity
ibm
5.4
5.4
2022-05-02 CVE-2021-29859 Unspecified vulnerability in IBM Cloud PAK for Business Automation 21.0.1/21.0.2/21.0.3
IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out.
low complexity
ibm
6.8
6.8