Description
IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165.
CVSS breakdown
CVSS 3.0
User Interaction
Required
Scope
Changed
Attack Complexity
Low
Integrity
Low
Privileges Required
Low
Availability
None
Attack Vector
Network
Confidentiality
Low
RL
O
RC
Changed
E
High
Affected products
- ibm / business_automation_workflow19.0.0 – 19.0.0
- ibm / business_automation_workflow20.0.0 – 20.0.0
- ibm / business_automation_workflow21.0 – 21.0
- ibm / business_automation_workflow18.0.0 – 18.0.0
- ibm / Business Process Manager8.5 – 8.5
- ibm / Business Process Manager8.6 – 8.6