CVE-2023-22860

CVSS V2 None CVSS V3 None

Description

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.

Overview

CVE ID
CVE-2023-22860

Assigner
psirt@us.ibm.com

Vulnerability Status
Analyzed

Published Version
2023-02-27T15:15:11

Last Modified Date
2023-03-07T02:42:01

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:::::::*	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:::::::*	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:::::::*	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.3:::::::*	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:::::::*	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.3:::::::*	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_001::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_002::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_003::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_004::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_005::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_006::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_007::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:-::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_001::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_0012::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_002::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_003::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_004::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_005::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_006::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_007::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_008::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_009::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_010::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_011::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_012::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_001::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_002::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_003::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_004::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_005::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_006::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_007::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_008::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_009::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_010::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_011::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_012::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_013::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_014::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_015::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_016::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_017::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_001::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_002::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_003::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_004::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_005::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_006::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-::::::	1	OR
cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_001::::::	1	OR

References

Reference URL	Reference Tags
https://exchange.xforce.ibmcloud.com/vulnerabilities/244100	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6958062	Patch Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-22860
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22860

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 05:29:49				Added to TrackCVE
2023-04-17 05:29:52			Weakness Enumeration	new