CVE-2022-41735
07.12.2022, 17:15
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.
| Vendor | Product | Version |
|---|---|---|
| ibm | business_automation_workflow | 19.0.0.1 ≤ 𝑥 ≤ 19.0.0.3 |
| ibm | business_automation_workflow | 21.0.1 ≤ 𝑥 ≤ 21.0.3.1 |
| ibm | business_automation_workflow | 20.0.0.1 |
| ibm | business_automation_workflow | 20.0.0.1 |
| ibm | business_automation_workflow | 20.0.0.2 |
| ibm | business_automation_workflow | 20.0.0.2 |
| ibm | business_automation_workflow | 21.0.2 |
| ibm | business_automation_workflow | 21.0.3 |
| ibm | business_automation_workflow | 21.0.3:if002 |
| ibm | business_automation_workflow | 21.0.3:if005 |
| ibm | business_automation_workflow | 21.0.3:if006 |
| ibm | business_automation_workflow | 21.0.3:if007 |
| ibm | business_automation_workflow | 21.0.3:if008 |
| ibm | business_automation_workflow | 21.0.3:if009 |
| ibm | business_automation_workflow | 21.0.3:if010 |
| ibm | business_automation_workflow | 21.0.3:if011 |
| ibm | business_automation_workflow | 21.0.3:if012 |
| ibm | business_automation_workflow | 21.0.3:if013 |
| ibm | business_automation_workflow | 21.0.3:if014 |
| ibm | business_automation_workflow | 22.0.1 |
| ibm | business_automation_workflow | 22.0.1 |
| ibm | business_automation_workflow | 22.0.1:if001 |
| ibm | business_automation_workflow | 22.0.1:if002 |
| ibm | business_automation_workflow | 22.0.1:if003 |
| ibm | business_automation_workflow | 22.0.1:if004 |
𝑥
= Vulnerable software versions