Cross-Site Scripting in IBM Business Automation Workflow and Process Manager
CVE-2020-4530
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 15 September 2020
Summary
IBM Business Automation Workflow and IBM Business Process Manager are susceptible to a cross-site scripting (XSS) vulnerability. This weakness permits an attacker to inject arbitrary JavaScript code into the Web UI. As a result, it compromises user interactions by altering functionalities or potentially disclosing credentials during a trusted session. Organizations utilizing affected versions should address this vulnerability promptly to safeguard their systems.
Affected Version(s)
Business Automation Workflow C.D.0
Business Process Manager 8.0
Business Process Manager 8.5
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved