Stored Cross-Site Scripting Vulnerability in IBM Business Process Manager and Automation Workflow
CVE-2020-4698
6.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 8 September 2020
Summary
The vulnerability affects IBM Business Process Manager and IBM Business Automation Workflow, allowing attackers to exploit stored cross-site scripting. This security flaw enables malicious users to embed arbitrary JavaScript code within the application's Web UI. The result can be the alteration of intended functionality and the potential exposure of user credentials during trusted sessions, affecting the overall integrity and security of users' data.
Affected Version(s)
Business Automation Workflow 18.0
Business Automation Workflow 19.0
Business Automation Workflow 20.0
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved