Severity
Medium
Analysis Summary
CVE-2022-38390
Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
Impact
Indicators Of Compromise
CVE
Affected Vendors
IBM
Affected Products
- IBM Business Automation Workflow containers 20.0.0.1
- IBM Business Automation Workflow traditional 19.0.0.1
- IBM Business Automation Workflow traditional 19.0.0.3
- IBM Business Automation Workflow traditional 20.0.0.1
- IBM Business Automation Workflow traditional 20.0.0.2
- IBM Business Automation Workflow traditional 21.0.1
- IBM Business Automation Workflow containers 20.0.0.2
- IBM Business Automation Workflow containers 21.0.3
- IBM Business Automation Workflow containers 21.0.2
- IBM Business Automation Workflow traditional 21.0.3.1
- IBM Business Automation Workflow traditional 18.0.0.2
- IBM Cloud Pak for Business Automation 18.0.0
- IBM Cloud Pak for Business Automation 18.0.1
- IBM Cloud Pak for Business Automation 18.0.2
- IBM Cloud Pak for Business Automation 19.0.1
- IBM Cloud Pak for Business Automation 19.0.2
- IBM Cloud Pak for Business Automation 19.0.3
- IBM Cloud Pak for Business Automation 20.0.1
- IBM Cloud Pak for Business Automation 20.0.2
- IBM Cloud Pak for Business Automation 20.0.3
- IBM Cloud Pak for Business Automation 21.0.1
- IBM Cloud Pak for Business Automation 21.0.2
- IBM Cloud Pak for Business Automation 21.0.3
- IBM Business Automation Workflow containers 21.0.1
- IBM Business Automation Workflow traditional 18.0.0.0
- IBM Business Automation Workflow traditional 22.0.1
- IBM Cloud Pak for Business Automation 22.0.1
Remediation
Refer to the appropriate IBM Security Advisory for patch, upgrade or suggested workaround information.
IBM Business Automation Workflow containers
IBM Cloud Pak for Business Automation