CVE-2024-52365

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Feb 5, 2025

CWE ID 79

Summary

CVE-2024-52365 affects versions 18.0.0 through 22.0.2 of IBM Cloud Pak for Business Automation. This vulnerability enables authenticated users to inject malicious JavaScript code into the Web UI, resulting in altered functionality. Potentially, this could lead to the disclosure of sensitive credentials within a trusted session, posing a significant security risk. IBM urges users to apply the available patches to mitigate this stored cross-site scripting vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM Cloud Pak For Business Automation

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/0ZtcbE
https://www.cve.org/CVERecord?id=CVE-2024-52365
https://nvd.nist.gov/vuln/detail/CVE-2024-52365

Back to Vulnerability Database