CVE-2024-37528

MEDIUM EPSS 17.1%

Published Jul 8, 20241y ago · Modified Jun 17, 20261w ago

5.4 CVSS 3.1

Medium

Published Jul 8, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293.

CVSS Details

Base Score

5.4

Exploitability

2.3

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

17.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 70

Vendor	Product	Version	Range
ibm	cloud_pak_for_business_automation	*	≥18.0.0 – ≤18.0.2
ibm	cloud_pak_for_business_automation	*	≥19.0.1 – ≤19.0.3
ibm	cloud_pak_for_business_automation	*	≥20.0.1 – ≤20.0.3
ibm	cloud_pak_for_business_automation	21.0.1	any
ibm	cloud_pak_for_business_automation	21.0.1	any
ibm	cloud_pak_for_business_automation	21.0.1	any
ibm	cloud_pak_for_business_automation	21.0.1	any
ibm	cloud_pak_for_business_automation	21.0.1	any
ibm	cloud_pak_for_business_automation	21.0.1	any
ibm	cloud_pak_for_business_automation	21.0.1	any
ibm	cloud_pak_for_business_automation	21.0.1	any
ibm	cloud_pak_for_business_automation	21.0.1	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	21.0.3	any
ibm	cloud_pak_for_business_automation	22.0.1	any
ibm	cloud_pak_for_business_automation	22.0.1	any
ibm	cloud_pak_for_business_automation	22.0.1	any
ibm	cloud_pak_for_business_automation	22.0.1	any
ibm	cloud_pak_for_business_automation	22.0.1	any
ibm	cloud_pak_for_business_automation	22.0.1	any
ibm	cloud_pak_for_business_automation	22.0.1	any
ibm	cloud_pak_for_business_automation	22.0.2	any
ibm	cloud_pak_for_business_automation	22.0.2	any
ibm	cloud_pak_for_business_automation	22.0.2	any
ibm	cloud_pak_for_business_automation	22.0.2	any
ibm	cloud_pak_for_business_automation	22.0.2	any
ibm	cloud_pak_for_business_automation	22.0.2	any
ibm	cloud_pak_for_business_automation	22.0.2	any
ibm	cloud_pak_for_business_automation	23.0.1	any
ibm	cloud_pak_for_business_automation	23.0.1	any
ibm	cloud_pak_for_business_automation	23.0.1	any
ibm	cloud_pak_for_business_automation	23.0.1	any
ibm	cloud_pak_for_business_automation	23.0.1	any
ibm	cloud_pak_for_business_automation	23.0.2	any
ibm	cloud_pak_for_business_automation	23.0.2	any
ibm	cloud_pak_for_business_automation	23.0.2	any
ibm	cloud_pak_for_business_automation	23.0.2	any
ibm	cloud_pak_for_business_automation	23.0.2	any
ibm	cloud_pak_for_business_automation	23.0.2	any

References 2

exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/294293

VDB EntryVendor Advisory
ibm.com https://www.ibm.com/support/pages/node/7159332

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.