CVE-2019-4149

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 53.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Business Automation WorkflowIBM Business Process Manager
Timeline
PublishedSep 5
Latest updateMay 24

Description

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

NVDibm/business_automation_workflow18.0.0.018.0.0.2
CVEListV5ibm/business_process_manager6 versions+5
NVDibm/business_process_manager8.5.6.0, 8.5.7.0, 8.6.0.0+2
CVEListV5ibm/business_automation_workflow18.0.0.0, 18.0.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-cvp3-pjrm-gpxx: IBM Business Automation Workflow V182022-05-24
CVEList
CVE-2019-4149: IBM Business Automation Workflow V182019-09-05
CVE-2019-4149 (MEDIUM CVSS 5.4) | IBM Business Automation Workflow V1 | cvebase.io