Cross-Site Scripting Vulnerability in IBM Watson Assistant for Cloud Pak for Data
CVE-2019-4428

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Watson Assistant For IBM Cloud Pak For Data
Vendor: CVE Published:; 9 December 2019

Summary

IBM Watson Assistant for IBM Cloud Pak for Data versions 1.0.0 through 1.3.0 are exposed to a cross-site scripting vulnerability. This flaw allows attackers to inject arbitrary JavaScript into the Web UI, potentially modifying the application’s behavior. Exploitation of this vulnerability could lead to unauthorized actions and sensitive data exposure, as it could facilitate credential theft during a trusted user session. Organizations utilizing these versions must immediately assess and mitigate this risk to safeguard their operations.

Affected Version(s)

Watson Assistant for IBM Cloud Pak for Data 1.0.0

Watson Assistant for IBM Cloud Pak for Data 1.3.0

References

https://www.ibm.com/support/pages/node/1125585

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/162807

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 9, 2019
Vulnerability Reserved
Jan 3, 2019