CVE-2020-4698
published 2020-09-08CVE-2020-4698: IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_process_manager | — | — |
| ibm | business_process_manager | — | — |
| ibm | business_process_manager | — | — |
| ibm | business_process_manager | — | — |
| ibm | business_process_manager | — | — |
| ibm | business_process_manager | — | — |
| ibm | business_process_manager | — | — |
| ibm | business_process_manager | — | — |
| ibm | business_process_manager | — | — |
| ibm | business_process_manager | — | — |
| ibm | business_process_manager | — | — |
| thekelleys | dnsmasq | >= 0 < 2.75-1ubuntu0.16.04.8 | 2.75-1ubuntu0.16.04.8 |
| thekelleys | dnsmasq | >= 0 < 2.79-1ubuntu0.3 | 2.79-1ubuntu0.3 |
| thekelleys | dnsmasq | >= 0 < 2.80-1.1ubuntu1.3 | 2.80-1.1ubuntu1.3 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv3.7LOW