Ibm Cloud Pak For Automation — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Cloud Pak For Automation, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-20482 — CVSS 7.1 (high): IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML…
CVE-2021-20358 — CVSS 6.5 (medium): IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This…
CVE-2021-20359 — CVSS 6.5 (medium): IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive…
CVE-2020-4325 — CVSS 6.5 (medium): The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the…
CVE-2021-29775 — CVSS 5.4 (medium): IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site…
CVE-2021-29872 — CVSS 5.4 (medium): IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by…
CVE-2021-38966 — CVSS 5.4 (medium): IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…