Cross-Site Scripting Vulnerability in IBM Tivoli Workload Scheduler
CVE-2019-4608

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Workload Scheduler
Vendor: CVE Published:; 10 March 2020

Summary

IBM Tivoli Workload Scheduler version 9.3 contains a Cross-Site Scripting vulnerability that allows an attacker to inject arbitrary JavaScript code into the Web UI. This exploit can manipulate the application's functionality, potentially exposing user credentials during a trusted session. The flaw poses a risk to the integrity and confidentiality of user information, making it crucial for users to protect their systems.

Affected Version(s)

Workload Scheduler 9.3

References

https://www.ibm.com/support/pages/node/5694189

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/168508

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 10, 2020
Vulnerability Reserved
Jan 3, 2019