IBM Cloud Pak for Automation 20.0.3

CPE Details

IBM Cloud Pak for Automation 20.0.3
ibm
cloud_pak_for_automation
20.0.3
2021-02-23
20h55 +00:00
2021-02-23
20h55 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

cloud_pak_for_automation

Version

20.0.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-29872 2022-01-18 16h50 +00:00 IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228.
5.4
Moyen
CVE-2021-20359 2021-02-08 14h40 +00:00 IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.
6.5
Moyen
CVE-2021-20358 2021-02-08 14h40 +00:00 IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.
6.5
Moyen