First published: Fri Jan 22 2021
IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188907.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Business Automation Workflow | >=18.0.0.0 <=20.0.0.2 | |
| IBM Case Manager | >=5.2.0 <=5.3.3 | |
| | <=V18.0.0.x | |
| | <=V19.0.0.x | |
| | <=V20.0.0.1 | |
| | <=V5.3.x | |
| | <=V5.2.x | |
The severity of CVE-2020-4768 is medium with a CVSS score of 5.4.
IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are affected by CVE-2020-4768.
CVE-2020-4768 is a cross-site scripting (XSS) vulnerability.
An attacker can exploit CVE-2020-4768 by embedding arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
More information about CVE-2020-4768 is available at the following URLs: [https://exchange.xforce.ibmcloud.com/vulnerabilities/188907](https://exchange.xforce.ibmcloud.com/vulnerabilities/188907) and [https://www.ibm.com/support/pages/node/6414377](https://www.ibm.com/support/pages/node/6414377).