CVE-2019-4426 — Cross-site Scripting in IBM Case Manager

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.4%

top 40.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Case Manager IBM Business Automation Workflow

Timeline

PublishedDec 13

Latest updateMay 24

Description

The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

▶NVDibm/case_manager5.3.0 — 5.3.2+3

▶CVEListV5ibm/case_manager4 versions+3

▶NVDibm/business_automation_workflow19.0.0.0 — 19.0.0.3+1

▶CVEListV5ibm/business_automation_workflow18.0.0.1, 19.0.0.2+1

🔴Vulnerability Details

GHSA

GHSA-v3jj-mj48-m8gv: The Case Builder component shipped with 18↗2022-05-24

▶

CVEList

CVE-2019-4426: The Case Builder component shipped with 18↗2019-12-13

▶