First published: Mon Sep 14 2020(Updated: )
IBM Business Automation Workflow and IBM Business Process Manager are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Automation Workflow | <=C.D.0 | |
IBM Business Process Manager | <=8.0, 8.5, 8.6 | |
IBM Business Automation Workflow | <20.0.0.2 | |
IBM Business Process Manager | >=8.0.0.0<8.0.1.0 | |
IBM Business Process Manager | >=8.5.0.0<8.5.7.0 | |
IBM Business Process Manager | =8.6.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-4530.
The severity of CVE-2020-4530 is medium with a CVSS score of 5.4.
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are affected by CVE-2020-4530.
The vulnerability allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
There is currently no fix available for CVE-2020-4530. IBM recommends applying security mitigations provided in the Security Bulletin.