First published: Tue Sep 08 2020
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Automation Workflow | =18.0.0.0 | |
IBM Business Automation Workflow | =18.0.0.1 | |
IBM Business Automation Workflow | =18.0.0.2 | |
IBM Business Automation Workflow | =19.0.0.0 | |
IBM Business Automation Workflow | =19.0.0.1 | |
IBM Business Automation Workflow | =19.0.0.2 | |
IBM Business Automation Workflow | =19.0.0.3 | |
IBM Business Automation Workflow | =20.0.0.1 | |
IBM Business Process Manager | =8.5.0.0 | |
IBM Business Process Manager | =8.5.0.1 | |
IBM Business Process Manager | =8.5.0.2 | |
IBM Business Process Manager | =8.5.5.0 | |
IBM Business Process Manager | =8.5.6.0 | |
IBM Business Process Manager | =8.5.6.1 | |
IBM Business Process Manager | =8.5.6.2 | |
IBM Business Process Manager | =8.5.7.0 | |
IBM Business Process Manager | =8.5.7.0-cf201606 | |
IBM Business Process Manager | =8.5.7.0-cf201609 | |
IBM Business Process Manager | =8.5.7.0-cf201612 | |
IBM Business Process Manager | =8.5.7.0-cf201703 | |
IBM Business Process Manager | =8.5.7.0-cf201706 | |
IBM Business Process Manager | =8.6.0.0 | |
The vulnerability ID of this vulnerability is CVE-2020-4698.
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are affected by this vulnerability.
The severity level of CVE-2020-4698 is medium, with a severity value of 5.4.
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credential theft or other malicious activities.
More information about the vulnerability can be found at the following references: [link1](https://exchange.xforce.ibmcloud.com/vulnerabilities/186841) and [link2](https://www.ibm.com/support/pages/node/6326825).