CVE-2023-50947: IBM Business Automation Workflow cross-site scripting

Q: What is the severity of CVE-2023-50947?

CVE-2023-50947 is a high severity vulnerability due to its potential for cross-site scripting attacks.

Q: How do I fix CVE-2023-50947?

To fix CVE-2023-50947, upgrade to the recommended patched version provided by IBM for your affected IBM Business Automation Workflow or Cloud Pak installation.

Q: What systems are affected by CVE-2023-50947?

CVE-2023-50947 affects IBM Business Automation Workflow versions 22.0.2, 23.0.1, and 23.0.2 as well as earlier versions up to 21.0.3.

Q: What type of vulnerability is CVE-2023-50947?

CVE-2023-50947 is categorized as a cross-site scripting (XSS) vulnerability.

Q: What are the potential impacts of CVE-2023-50947?

The potential impacts of CVE-2023-50947 include unauthorized execution of arbitrary JavaScript, leading to potential credential disclosure.

Published Feb 2, 2024

Updated

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.

Other sources

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

— IBM

Affected Software

68 affected components

IBM Business Automation Workflow>=19.0.0.1<=19.0.0.3

IBM Business Automation Workflow>=21.0.1<=21.0.3.1

IBM Business Automation Workflow=20.0.0.1

IBM Business Automation Workflow=20.0.0.2

IBM Business Automation Workflow=21.0.2

IBM Business Automation Workflow=21.0.3

IBM Business Automation Workflow=21.0.3-if002

IBM Business Automation Workflow=21.0.3-if005

IBM Business Automation Workflow=21.0.3-if006

IBM Business Automation Workflow=21.0.3-if007

IBM Business Automation Workflow=21.0.3-if008

IBM Business Automation Workflow=21.0.3-if009

IBM Business Automation Workflow=21.0.3-if010

IBM Business Automation Workflow=21.0.3-if011

IBM Business Automation Workflow=21.0.3-if012

IBM Business Automation Workflow=21.0.3-if013

IBM Business Automation Workflow=21.0.3-if014

IBM Business Automation Workflow=21.0.3-if015

IBM Business Automation Workflow=21.0.3-if016

IBM Business Automation Workflow=21.0.3-if017

IBM Business Automation Workflow=21.0.3-if028

IBM Business Automation Workflow=22.0.1

IBM Business Automation Workflow=22.0.2

IBM Business Automation Workflow=23.0.1

IBM Business Automation Workflow=23.0.2

IBM Cloud Pak for Business Automation>=18.0.0<=18.0.2

IBM Cloud Pak for Business Automation>=19.0.1<=19.0.3

IBM Cloud Pak for Business Automation>=20.0.1<=20.0.3

IBM Cloud Pak for Business Automation=21.0.1

IBM Cloud Pak for Business Automation=21.0.3

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_001

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_002

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_003

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_004

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_005

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_006

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_007

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_008

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_009

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_010

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_011

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_012

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_013

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_014

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_015

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_016

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_017

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_018

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_019

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_020

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_021

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_022

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_023

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_024

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_025

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_026

IBM Cloud Pak for Business Automation=21.0.3-interim_fix_028

IBM Cloud Pak for Business Automation=22.0.1

IBM Cloud Pak for Business Automation=22.0.2

IBM Cloud Pak for Business Automation=23.0.1

IBM Cloud Pak for Business Automation=23.0.2

Event History

Feb 2, 2024

CVE Published

via IBM·12:00 AM

Data Sourced

via IBM·12:00 AM

DescriptionSeverityAffected Software

Feb 4, 2024

CVE Published

via MITRE·12:11 AM

Data Sourced

via MITRE·12:11 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·01:15 AM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-7114430

Frequently Asked Questions

What is the severity of CVE-2023-50947?

CVE-2023-50947 is a high severity vulnerability due to its potential for cross-site scripting attacks.

How do I fix CVE-2023-50947?

To fix CVE-2023-50947, upgrade to the recommended patched version provided by IBM for your affected IBM Business Automation Workflow or Cloud Pak installation.

What systems are affected by CVE-2023-50947?

CVE-2023-50947 affects IBM Business Automation Workflow versions 22.0.2, 23.0.1, and 23.0.2 as well as earlier versions up to 21.0.3.

What type of vulnerability is CVE-2023-50947?

CVE-2023-50947 is categorized as a cross-site scripting (XSS) vulnerability.

What are the potential impacts of CVE-2023-50947?

The potential impacts of CVE-2023-50947 include unauthorized execution of arbitrary JavaScript, leading to potential credential disclosure.

CVE-2023-50947: IBM Business Automation Workflow cross-site scripting

Other sources

Affected Software

Event History

Parent advisories

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2023-50947?

How do I fix CVE-2023-50947?

What systems are affected by CVE-2023-50947?

What type of vulnerability is CVE-2023-50947?

What are the potential impacts of CVE-2023-50947?

Company

Resources

Contact