Cross-Site Scripting Vulnerability in IBM Business Automation Workflow and IBM Business Process Manager
CVE-2020-4557
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 29 June 2020
Summary
IBM Business Automation Workflow and IBM Business Process Manager are susceptible to a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code via the web interface. This could lead to unauthorized actions within a user's session, potentially compromising sensitive information like credentials. Users of the affected versions should be aware of the risks and update their systems accordingly.
Affected Version(s)
Business Automation Workflow 18.0
Business Automation Workflow 19.0
Business Automation Workflow 20.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved