Cross-Site Scripting Flaw in IBM ApplinX 11.1
CVE-2024-49792

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Applinx
Vendor: CVE Published:; 6 February 2025

Summary

IBM ApplinX 11.1 contains a cross-site scripting vulnerability that can be exploited by an authenticated user. This flaw permits the injection of arbitrary JavaScript code into the Web UI, which may compromise the security of user credentials during trusted sessions. Attackers could manipulate the application’s intended behavior, leading to unauthorized access and potential data breaches. It is crucial for users and administrators to evaluate their security measures and update the application to mitigate the risks associated with this vulnerability.

Affected Version(s)

ApplinX 11.1

References

https://www.ibm.com/support/pages/node/7182522

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 6, 2025