Cross-Site Scripting Vulnerability in IBM Business Automation Products
CVE-2019-4149

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
5 September 2019

Summary

The vulnerability exposes IBM Business Automation Workflow and IBM Business Process Manager products to cross-site scripting attacks. This issue enables malicious users to inject arbitrary JavaScript code into the Web UI, potentially compromising user sessions and leading to credential disclosure. Security measures should be prioritized to mitigate the risk associated with this flaw.

Affected Version(s)

Business Automation Workflow 18.0.0.0

Business Automation Workflow 18.0.0.2

Business Process Manager 8.6.0.0

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.