CVE-2023-45857
PUBLISHED
CVSS 9.3 CRITICAL
IBM Business Automation Workflow contains multiple cross-site scripting vulnerabilities. HTML and script input is not properly validated before being returned to the user. A remote, anonymous attacker can exploit these vulnerabilities to execute arbitrary HTML and script code in the user's browser in the context of the affected page. Successful exploitation requires user interaction.

The description above is the text of a downstream advisory (see the CERT-Bund and IBM bulletins under References) for a product that consumes the vulnerable component; it is not the text of the CVE record itself. As published, CVE-2023-45857 concerns the axios HTTP client: versions before 1.6.0 copied the value of the XSRF-TOKEN cookie into an X-XSRF-TOKEN request header on every request, including requests to third-party hosts, so an application's CSRF token could be disclosed to any host the client contacted.
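Added example, not code from this page or from the axios project: CVE-2023-45857 as published concerns the axios HTTP client, which before 1.6.0 attached the XSRF-TOKEN cookie value as an X-XSRF-TOKEN header to every request regardless of destination host. The block below models that header logic in plain JavaScript with no axios dependency, placing the vulnerable rule beside a hardened rule that attaches the token only for same-origin targets, with an explicit opt-in modelled on the withXSRFToken option axios later added. The page origin, cookie jar, URLs and function names are constructed for the demo.

```javascript
// Added example (not from the page or from axios): models the request-header
// logic behind CVE-2023-45857. Cookie jar, origin and URLs are constructed.

const XSRF_COOKIE = 'XSRF-TOKEN';
const XSRF_HEADER = 'X-XSRF-TOKEN';

// Constructed cookie jar in the form a browser exposes via document.cookie.
const demoCookies = 'session=abc123; XSRF-TOKEN=9f2c7e1d-token';

// Read one cookie by name from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Vulnerable rule (axios < 1.6.0): the token is attached to every request.
// requestUrl and pageOrigin are accepted only so the signature matches the
// fixed rule; they are deliberately ignored, which is the bug.
function headersVulnerable(requestUrl, pageOrigin, cookieString) {
  const headers = {};
  const token = readCookie(cookieString, XSRF_COOKIE);
  if (token) headers[XSRF_HEADER] = token;
  return headers;
}

// Same-origin check: scheme, host and port of the resolved target must match
// the page origin. Relative URLs resolve against the page origin.
function isSameOrigin(requestUrl, pageOrigin) {
  const target = new URL(requestUrl, pageOrigin);
  return target.origin === new URL(pageOrigin).origin;
}

// Hardened rule: attach the token only for same-origin targets, unless the
// caller opts in explicitly (modelled on axios's later withXSRFToken option).
function headersFixed(requestUrl, pageOrigin, cookieString, { withXSRFToken = false } = {}) {
  const headers = {};
  if (withXSRFToken || isSameOrigin(requestUrl, pageOrigin)) {
    const token = readCookie(cookieString, XSRF_COOKIE);
    if (token) headers[XSRF_HEADER] = token;
  }
  return headers;
}

// Run both rules over a same-origin path, an absolute same-origin URL and a
// third-party URL; the last one is where the old rule leaks the token.
function demo() {
  const origin = 'https://app.example';
  const urls = [
    '/api/items',
    'https://app.example/api/items',
    'https://third-party.example/collect',
  ];
  return urls.map((url) => ({
    url,
    vulnerable: headersVulnerable(url, origin, demoCookies),
    fixed: headersFixed(url, origin, demoCookies),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

Run with node. When triaging this CVE in a product that ships axios, the question to answer is whether the application issues browser-side requests to hosts outside the page origin while an XSRF-TOKEN cookie is set; if it never does, the leak has no recipient, which is why the severity of downstream advisories varies so widely for the same CVE.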
EPSS 0.18% · 39.3th percentile
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.18%
39.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HCL | HCL BigFix Server Automation | |
| Red Hat | Red Hat OpenShift for Windows Containers | <10.15.3 |
| Red Hat | Red Hat OpenShift Secondary Scheduler Operator | |
| Red Hat | Red Hat OpenShift Container Platform | <4.12.72 |
| Red Hat | Red Hat OpenShift Container Platform | <4.16.8 |
| Red Hat | Red Hat OpenShift Run Once Duration Override Operator | 1 |
| Red Hat | Red Hat OpenShift Data Foundation | <4.14.13 |
| IBM | IBM App Connect Enterprise | 11.0.0.1 - 11.0.0.23 |
| Red Hat | Red Hat OpenShift GitOps | <1.15.2 |
| Atlassian | Atlassian Bitbucket | <9.4.13 (LTS) |
| Amazon | Amazon Linux 2 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Atlassian | Atlassian Bitbucket | <8.19.25 (LTS) |
| Red Hat | Red Hat OpenShift Custom Metric Autoscaler | 2 |
| Red Hat | Red Hat OpenShift CodeReady Workspaces | |
| HCL | HCL BigFix | |
| Atlassian | Atlassian Bitbucket | <10.0.2 |
| Red Hat | Red Hat OpenShift | |
| Red Hat | Red Hat OpenShift GitOps | 1.12 |
| Red Hat | Red Hat OpenShift Kube Descheduler Operator | 5 |
…and 10 more
Exploit Intelligence
- fuyuooumi1027/CVE-2023-45857-Demo (github-poc)
- Demo that reproduces the behaviour of CVE-2023-45857 (github-poc)
…and 48 more exploits
Timeline
- Nov 8, 2023 CVE Published
- Nov 9, 2023 EPSS Score
- Dec 9, 2023 EPSS Score
- Jan 9, 2024 EPSS Score
- Feb 8, 2024 PoC Published
- Mar 10, 2024 EPSS Score
- Apr 9, 2024 EPSS Score
- May 9, 2024 EPSS Score
- Jun 9, 2024 EPSS Score
- Jul 9, 2024 EPSS Score
- Sep 8, 2024 EPSS Score
- Oct 9, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0277.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0277 advisory
- https://www.ibm.com/support/pages/node/7114422 advisory
- https://www.ibm.com/support/pages/node/7114423 advisory
- https://www.ibm.com/support/pages/node/7114425 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0588.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0588 advisory
- https://www.ibm.com/support/pages/node/7130998 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1226.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1226 advisory
- https://access.redhat.com/errata/RHSA-2024:2874 advisory
- https://access.redhat.com/errata/RHSA-2024:2929 advisory
- https://access.redhat.com/errata/RHSA-2024:2930 advisory
- https://access.redhat.com/errata/RHSA-2024:2932 advisory
- https://access.redhat.com/errata/RHSA-2024:2933 advisory
- https://access.redhat.com/errata/RHSA-2024:3316 advisory
- https://access.redhat.com/errata/RHSA-2024:2901 advisory
- https://access.redhat.com/errata/RHSA-2024:3473 advisory
- https://access.redhat.com/errata/RHSA-2024:3790 advisory
- https://access.redhat.com/errata/RHSA-2024:3715 advisory
…and 42 more