Cross-Site Scripting Vulnerability in IBM Watson Assistant for Cloud Pak for Data
CVE-2019-4428
5.4 MEDIUM
Key Information:
- Vendor: IBM
- CVE Published: 9 December 2019
Summary
IBM Watson Assistant for IBM Cloud Pak for Data versions 1.0.0 through 1.3.0 are exposed to a cross-site scripting vulnerability. This flaw allows attackers to inject arbitrary JavaScript into the Web UI, potentially modifying the application’s behavior. Exploitation of this vulnerability could lead to unauthorized actions and sensitive data exposure, as it could facilitate credential theft during a trusted user session. Organizations utilizing these versions must immediately assess and mitigate this risk to safeguard their operations.
Affected Version(s)
Watson Assistant for IBM Cloud Pak for Data 1.0.0
Watson Assistant for IBM Cloud Pak for Data 1.3.0
CVSS V3.1
- Score: 5.4
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved