Cross-Site Scripting Vulnerability in IBM Case Manager and Case Builder
CVE-2019-4426

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Business Automation Workflow
Case Manager
Vendor
CVE Published:
13 December 2019

Summary

The Case Builder component in specific versions of IBM Case Manager is susceptible to a cross-site scripting flaw. This security issue permits attackers to insert arbitrary JavaScript code into the web interface, which may manipulate the site's functionality and could potentially facilitate the disclosure of user credentials during trusted user sessions. The affected versions include IBM Case Manager 5.1.1 through 5.3 and Case Builder 18.0.0.1 through 19.0.0.2.

Affected Version(s)

Business Automation Workflow 18.0.0.1

Business Automation Workflow 19.0.0.2

Case Manager 5.1.1

References

https://www.ibm.com/support/pages/node/1116087
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/1135552
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/162772
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.