Cross-Site Scripting Vulnerability in IBM Case Manager and Case Builder
CVE-2019-4426
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 13 December 2019
Summary
The Case Builder component in specific versions of IBM Case Manager is susceptible to a cross-site scripting flaw. This security issue permits attackers to insert arbitrary JavaScript code into the web interface, which may manipulate the site's functionality and could potentially facilitate the disclosure of user credentials during trusted user sessions. The affected versions include IBM Case Manager 5.1.1 through 5.3 and Case Builder 18.0.0.1 through 19.0.0.2.
Affected Version(s)
Business Automation Workflow 18.0.0.1
Business Automation Workflow 19.0.0.2
Case Manager 5.1.1
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved