Cross-Site Scripting Vulnerability in IBM Watson Assistant for Cloud Pak for Data
CVE-2019-4428

5.4 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 9 December 2019

Summary

IBM Watson Assistant for IBM Cloud Pak for Data versions 1.0.0 through 1.3.0 are affected by a cross-site scripting (XSS) vulnerability. The flaw allows attackers to inject arbitrary JavaScript into the Web UI, potentially modifying the application’s behavior. Exploitation could lead to unauthorized actions and sensitive data exposure, because injected script can facilitate credential theft during a trusted user session. Organizations utilizing these versions must immediately assess and mitigate this risk to safeguard their operations.

Affected Version(s)

Watson Assistant for IBM Cloud Pak for Data 1.0.0

Watson Assistant for IBM Cloud Pak for Data 1.3.0

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
