How severe is CVE-2021-38893?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Vulnerability in Ibm Business Process Manager Standard

CVE-2021-38893

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus al…

EPSS: 0.002 (44.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.0/I:L/PR:L/C:L/S:C/UI:N/AC:L/AV:N/A:N/RC:C/RL:O/E:H.

Affected products

Ibm Business Process Manager Standard — versions 8.5.5, 8.5.7.CF201706, 8.5.7.CF201703
Ibm Cloud Pak For Automation — versions 21.0.2

References

www.ibm.com/support/pages/node/6527782 (x_refsource_CONFIRM)
www.ibm.com/support/pages/node/6526488 (x_refsource_CONFIRM)
ibm-baw-cve202138893-xss (209512) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2021-38893?: CVE-2021-38893 is a medium-severity vulnerability in Ibm Business Process Manager Standard. CVSS score: 6.4/10. Published 2021-12-21.
How severe is CVE-2021-38893?: Medium severity. CVSS v3 base score is 6.4 out of 10.