Cross-Site Scripting in IBM Business Automation Workflow and Process Manager
CVE-2020-4530

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Business Process Manager; Business Automation Workflow
Vendor: CVE Published:; 15 September 2020

Summary

IBM Business Automation Workflow and IBM Business Process Manager are susceptible to a cross-site scripting (XSS) vulnerability. This weakness permits an attacker to inject arbitrary JavaScript code into the Web UI. As a result, it compromises user interactions by altering functionalities or potentially disclosing credentials during a trusted session. Organizations utilizing affected versions should address this vulnerability promptly to safeguard their systems.

Affected Version(s)

Business Automation Workflow C.D.0

Business Process Manager 8.0

Business Process Manager 8.5

References

https://www.ibm.com/support/pages/node/6332417

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/182714

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 15, 2020
Vulnerability Reserved
Dec 30, 2019