CVE-2024-37528

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293.

Published: Jul 8, 2024
Updated: Jul 12, 2024
CVE: CVE-2024-37528
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ibm / cloud_pak_for_business_automation	21.0.1-interim_fix_007	21.0.1-interim_fix_007.x
ibm / cloud_pak_for_business_automation	21.0.1-interim_fix_004	21.0.1-interim_fix_004.x
ibm / cloud_pak_for_business_automation	21.0.1	21.0.1.x
ibm / cloud_pak_for_business_automation	21.0.1-interim_fix_002	21.0.1-interim_fix_002.x
ibm / cloud_pak_for_business_automation	21.0.1-interim_fix_003	21.0.1-interim_fix_003.x
ibm / cloud_pak_for_business_automation	21.0.1-interim_fix_006	21.0.1-interim_fix_006.x
ibm / cloud_pak_for_business_automation	21.0.1-interim_fix_005	21.0.1-interim_fix_005.x
ibm / cloud_pak_for_business_automation	21.0.1-interim_fix_001	21.0.1-interim_fix_001.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_003	21.0.3-interim_fix_003.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_006	21.0.3-interim_fix_006.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_005	21.0.3-interim_fix_005.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_001	21.0.3-interim_fix_001.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_007	21.0.3-interim_fix_007.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_004	21.0.3-interim_fix_004.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_008	21.0.3-interim_fix_008.x
ibm / cloud_pak_for_business_automation	21.0.3	21.0.3.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_002	21.0.3-interim_fix_002.x
ibm / cloud_pak_for_business_automation	22.0.2	22.0.2.x
ibm / cloud_pak_for_business_automation	22.0.2-interim_fix_001	22.0.2-interim_fix_001.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_009	21.0.3-interim_fix_009.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_010	21.0.3-interim_fix_010.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_011	21.0.3-interim_fix_011.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_012	21.0.3-interim_fix_012.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_013	21.0.3-interim_fix_013.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_014	21.0.3-interim_fix_014.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_015	21.0.3-interim_fix_015.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_016	21.0.3-interim_fix_016.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_017	21.0.3-interim_fix_017.x
ibm / cloud_pak_for_business_automation	22.0.1-interim_fix_006	22.0.1-interim_fix_006.x
ibm / cloud_pak_for_business_automation	22.0.1-interim_fix_005	22.0.1-interim_fix_005.x
ibm / cloud_pak_for_business_automation	22.0.1-interim_fix_004	22.0.1-interim_fix_004.x
ibm / cloud_pak_for_business_automation	22.0.1-interim_fix_003	22.0.1-interim_fix_003.x
ibm / cloud_pak_for_business_automation	22.0.1-interim_fix_002	22.0.1-interim_fix_002.x
ibm / cloud_pak_for_business_automation	22.0.1-interim_fix_001	22.0.1-interim_fix_001.x
ibm / cloud_pak_for_business_automation	22.0.1	22.0.1.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_018	21.0.3-interim_fix_018.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_019	21.0.3-interim_fix_019.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_020	21.0.3-interim_fix_020.x
ibm / cloud_pak_for_business_automation	22.0.2-interim_fix_004	22.0.2-interim_fix_004.x
ibm / cloud_pak_for_business_automation	22.0.2-interim_fix_003	22.0.2-interim_fix_003.x
ibm / cloud_pak_for_business_automation	22.0.2-interim_fix_002	22.0.2-interim_fix_002.x
ibm / cloud_pak_for_business_automation	23.0.1-interim_fix_004	23.0.1-interim_fix_004.x
ibm / cloud_pak_for_business_automation	23.0.1-interim_fix_003	23.0.1-interim_fix_003.x
ibm / cloud_pak_for_business_automation	23.0.1-interim_fix_002	23.0.1-interim_fix_002.x
ibm / cloud_pak_for_business_automation	23.0.1-interim_fix_001	23.0.1-interim_fix_001.x
ibm / cloud_pak_for_business_automation	23.0.1	23.0.1.x
ibm / cloud_pak_for_business_automation	22.0.2-interim_fix_005	22.0.2-interim_fix_005.x
ibm / cloud_pak_for_business_automation	22.0.2-interim_fix_006	22.0.2-interim_fix_006.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_021	21.0.3-interim_fix_021.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_022	21.0.3-interim_fix_022.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_023	21.0.3-interim_fix_023.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_024	21.0.3-interim_fix_024.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_025	21.0.3-interim_fix_025.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_026	21.0.3-interim_fix_026.x
ibm / cloud_pak_for_business_automation	21.0.1-interim_fix_008	21.0.1-interim_fix_008.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_028	21.0.3-interim_fix_028.x
ibm / cloud_pak_for_business_automation	20.0.1	20.0.3.x
ibm / cloud_pak_for_business_automation	19.0.1	19.0.3.x
ibm / cloud_pak_for_business_automation	18.0.0	18.0.2.x
ibm / cloud_pak_for_business_automation	23.0.2	23.0.2.x
ibm / cloud_pak_for_business_automation	23.0.2-interim_fix_001	23.0.2-interim_fix_001.x
ibm / cloud_pak_for_business_automation	23.0.2-interim_fix_002	23.0.2-interim_fix_002.x
ibm / cloud_pak_for_business_automation	23.0.2-interim_fix_003	23.0.2-interim_fix_003.x
ibm / cloud_pak_for_business_automation	23.0.2-interim_fix_004	23.0.2-interim_fix_004.x
ibm / cloud_pak_for_business_automation	23.0.2-interim_fix_005	23.0.2-interim_fix_005.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_029	21.0.3-interim_fix_029.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_030	21.0.3-interim_fix_030.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_031	21.0.3-interim_fix_031.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_032	21.0.3-interim_fix_032.x
ibm / cloud_pak_for_business_automation	21.0.3-interim_fix_033	21.0.3-interim_fix_033.x

Vulnerability Database

290,301

CVE-2024-37528