Cross-Site Scripting Vulnerability in IBM Tivoli Workload Scheduler
CVE-2019-4608

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
10 March 2020

Summary

IBM Tivoli Workload Scheduler version 9.3 contains a Cross-Site Scripting vulnerability that allows an attacker to inject arbitrary JavaScript code into the Web UI. This exploit can manipulate the application's functionality, potentially exposing user credentials during a trusted session. The flaw poses a risk to the integrity and confidentiality of user information, making it crucial for users to protect their systems.

Affected Version(s)

Workload Scheduler 9.3

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.