CVE-2023-35024

Summary

CVE-2023-35024 is a cross-site scripting (XSS) vulnerability affecting multiple versions of IBM Cloud Pak for Business Automation (18.0.0 through 22.0.2). This issue enables users to inject arbitrary JavaScript code into the Web UI, potentially altering the intended functionality and leading to unintended consequences, such as credentials disclosure, within a trusted session. IBM's X-Force has assigned ID 258349 to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.