Cross-Site Scripting Vulnerability in IBM Business Automation Products
CVE-2019-4149
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 5 September 2019
Summary
The vulnerability exposes IBM Business Automation Workflow and IBM Business Process Manager products to cross-site scripting attacks. This issue enables malicious users to inject arbitrary JavaScript code into the Web UI, potentially compromising user sessions and leading to credential disclosure. Security measures should be prioritized to mitigate the risk associated with this flaw.
Affected Version(s)
Business Automation Workflow 18.0.0.0
Business Automation Workflow 18.0.0.2
Business Process Manager 8.6.0.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved