
Rewterz Threat Advisory – CVE-2022-38390 – IBM Business Automation Workflow Vulnerability

December 26, 2022

Severity

Medium

Analysis Summary

CVE-2022-38390

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

Impact

  • Cross-Site Scripting

Indicators Of Compromise

CVE

  • CVE-2022-38390

Affected Vendors

IBM

Affected Products

  • IBM Business Automation Workflow containers 20.0.0.1
  • IBM Business Automation Workflow traditional 19.0.0.1
  • IBM Business Automation Workflow traditional 19.0.0.3
  • IBM Business Automation Workflow traditional 20.0.0.1
  • IBM Business Automation Workflow traditional 20.0.0.2
  • IBM Business Automation Workflow traditional 21.0.1
  • IBM Business Automation Workflow containers 20.0.0.2
  • IBM Business Automation Workflow containers 21.0.3
  • IBM Business Automation Workflow containers 21.0.2
  • IBM Business Automation Workflow traditional 21.0.3.1
  • IBM Business Automation Workflow traditional 18.0.0.2
  • IBM Cloud Pak for Business Automation 18.0.0
  • IBM Cloud Pak for Business Automation 18.0.1
  • IBM Cloud Pak for Business Automation 18.0.2
  • IBM Cloud Pak for Business Automation 19.0.1
  • IBM Cloud Pak for Business Automation 19.0.2
  • IBM Cloud Pak for Business Automation 19.0.3
  • IBM Cloud Pak for Business Automation 20.0.1
  • IBM Cloud Pak for Business Automation 20.0.2
  • IBM Cloud Pak for Business Automation 20.0.3
  • IBM Cloud Pak for Business Automation 21.0.1
  • IBM Cloud Pak for Business Automation 21.0.2
  • IBM Cloud Pak for Business Automation 21.0.3
  • IBM Business Automation Workflow containers 21.0.1
  • IBM Business Automation Workflow traditional 18.0.0.0
  • IBM Business Automation Workflow traditional 22.0.1
  • IBM Cloud Pak for Business Automation 22.0.1

Remediation

Refer to the appropriate IBM Security Advisory for patch, upgrade or suggested workaround information. 

IBM Business Automation Workflow containers 

IBM Cloud Pak for Business Automation
