First published: Fri Sep 04 2020
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Automation Workflow | <=V20.0, V19.0, V18.0 | |
IBM Business Process Manager | <=V8.6, V8.5 | |
IBM Business Automation Workflow | =18.0.0.0 | |
IBM Business Automation Workflow | =18.0.0.1 | |
IBM Business Automation Workflow | =18.0.0.2 | |
IBM Business Automation Workflow | =19.0.0.0 | |
IBM Business Automation Workflow | =19.0.0.1 | |
IBM Business Automation Workflow | =19.0.0.2 | |
IBM Business Automation Workflow | =19.0.0.3 | |
IBM Business Automation Workflow | =20.0.0.1 | |
IBM Business Process Manager | =8.5.0.0 | |
IBM Business Process Manager | =8.5.0.1 | |
IBM Business Process Manager | =8.5.0.2 | |
IBM Business Process Manager | =8.5.5.0 | |
IBM Business Process Manager | =8.5.6.0 | |
IBM Business Process Manager | =8.5.6.1 | |
IBM Business Process Manager | =8.5.6.2 | |
IBM Business Process Manager | =8.5.7.0 | |
IBM Business Process Manager | =8.5.7.0-cf201606 | |
IBM Business Process Manager | =8.5.7.0-cf201609 | |
IBM Business Process Manager | =8.5.7.0-cf201612 | |
IBM Business Process Manager | =8.5.7.0-cf201703 | |
IBM Business Process Manager | =8.5.7.0-cf201706 | |
IBM Business Process Manager | =8.6.0.0 | |
CVE-2020-4516 is a cross-site scripting (XSS) vulnerability.
IBM Business Process Manager versions 8.5 and 8.6, and IBM Business Automation Workflow versions 18.0, 19.0, and 20.0 are affected by CVE-2020-4516.
The severity rating of CVE-2020-4516 is medium with a score of 5.4.
To fix the vulnerability in IBM Business Process Manager and IBM Business Automation Workflow, apply the necessary security patches or updates provided by IBM.
More information about CVE-2020-4516 can be found on the IBM X-Force Exchange website and the IBM support pages.