Cross-Site Scripting Vulnerability in IBM Tivoli Workload Scheduler
CVE-2019-4608
5.4MEDIUM
Summary
IBM Tivoli Workload Scheduler version 9.3 contains a Cross-Site Scripting vulnerability that allows an attacker to inject arbitrary JavaScript code into the Web UI. This exploit can manipulate the application's functionality, potentially exposing user credentials during a trusted session. The flaw poses a risk to the integrity and confidentiality of user information, making it crucial for users to protect their systems.
Affected Version(s)
Workload Scheduler 9.3
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved