Cross-Site Scripting Vulnerability in IBM Business Automation Workflow and IBM Business Process Manager
CVE-2020-4557

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Business Process Manager; Business Automation Workflow
Vendor: CVE Published:; 29 June 2020

Summary

IBM Business Automation Workflow and IBM Business Process Manager are susceptible to a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code via the web interface. This could lead to unauthorized actions within a user's session, potentially compromising sensitive information like credentials. Users of the affected versions should be aware of the risks and update their systems accordingly.

Affected Version(s)

Business Automation Workflow 18.0

Business Automation Workflow 19.0

Business Automation Workflow 20.0

References

https://www.ibm.com/support/pages/node/6241338

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/183611

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 29, 2020
Vulnerability Reserved
Dec 30, 2019