IBM Cloud Pak for Automation 20.0.3 Interim Fix002

CPE Details

IBM Cloud Pak for Automation 20.0.3 Interim Fix002
ibm
cloud_pak_for_automation
20.0.3
2021-04-01
10h01 +00:00
2021-05-25
12h56 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.3:interim_fix002:*:*:*:*:*:*

Informations

Vendor

ibm

Product

cloud_pak_for_automation

Version

20.0.3

Update

interim_fix002

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-29872 2022-01-18 16h50 +00:00 IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228.
5.4
Moyen
CVE-2021-20482 2021-03-30 16h00 +00:00 IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504.
7.1
Haute
CVE-2021-20359 2021-02-08 14h40 +00:00 IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.
6.5
Moyen
CVE-2021-20358 2021-02-08 14h40 +00:00 IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.
6.5
Moyen