First published: Thu Dec 13 2018
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Automation Workflow | =18.0.0.0 | |
IBM Business Automation Workflow | =18.0.0.1 | |
IBM Business Process Manager | >=7.5.0.0<=7.5.1.2 | |
IBM Business Process Manager | >=8.0.0.0<=8.0.1.3 | |
IBM Business Process Manager | >=8.5.0.0<=8.5.0.2 | |
IBM Business Process Manager | =8.5.5.0 | |
IBM Business Process Manager | =8.5.6.0 | |
IBM Business Process Manager | =8.5.6.0-cf1 | |
IBM Business Process Manager | =8.5.6.0-cf2 | |
IBM Business Process Manager | =8.5.7.0 | |
IBM Business Process Manager | =8.5.7.0-cf201606 | |
IBM Business Process Manager | =8.5.7.0-cf201609 | |
IBM Business Process Manager | =8.5.7.0-cf201612 | |
IBM Business Process Manager | =8.5.7.0-cf201703 | |
IBM Business Process Manager | =8.5.7.0-cf201706 | |
IBM Business Process Manager | =8.6.0.0 | |
IBM Business Process Manager | =8.6.0.0-cf201712 | |
IBM Business Process Manager | =8.6.0.0-cf201803 | |
IBM WebSphere | >=7.2.0.0<=7.2.0.5 | |
The vulnerability ID for this IBM Business Automation Workflow vulnerability is CVE-2018-1848.
The severity of CVE-2018-1848 is medium.
IBM Business Automation Workflow versions 18.0.0.0 and 18.0.0.1 are affected by CVE-2018-1848.
CVE-2018-1848 allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.
Additional information about CVE-2018-1848 is available on SecurityFocus, IBM X-Force, and the IBM support website.