CVE-2018-1384 — Cross-site Scripting in IBM Business Process Manager

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.4%

top 39.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Business Process Manager IBM Business Process Manager Enterprise Service BUS IBM Websphere Enterprise Service BUS +1 more

Timeline

PublishedMar 30

Latest updateMay 13

Description

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5ibm/business_process_manager8.6, 8.6.0.CF201712+1

▶NVDibm/business_process_manager19 versions+18

▶NVDibm/business_process_manager_enterprise_service_bus8.6.0.0

▶NVDibm/websphere_process_server6 versions+5

▶NVDibm/websphere_enterprise_service_bus11 versions+10

🔴Vulnerability Details

GHSA

GHSA-cjp3-hhh7-xhf6: IBM Business Process Manager 8↗2022-05-13

▶

CVEList

CVE-2018-1384: IBM Business Process Manager 8↗2018-03-30

▶