IBM Cloud Pak for Business Automation Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in IBM Cloud Pak for Business Automation. This issue affects versions 25.0.0 prior to 25.0.0 Interim Fix 002, 24.0.1 prior to 24.0.1 Interim Fix 005, and 24.0.0 prior to 24.0.0 Interim Fix 007. The vulnerability allows authenticated users to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to credential disclosure within a trusted session.

Impact

Exploitation of this vulnerability could result in stored cross-site scripting, allowing injected scripts to be executed in the context of the user.

Remediation

Users can upgrade to IBM Cloud Pak for Business Automation version 25.0.0-IF003, 24.0.1-IF006, or 24.0.0-IF008. Instructions for downloading these versions are available on the IBM Support website.