IBM Case Manager and IBM Business Automation Workflow may be vulnerable to a cross-site scripting attack.
CVEID: CVE-2020-4768
**DESCRIPTION:** IBM Case Manager and IBM Business Automation Workflow are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188907 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Business Automation Workflow | V18.0.0.x |
IBM Business Automation Workflow | V19.0.0.x |
IBM Business Automation Workflow | V20.0.0.1 |
IBM Case Manager | V5.3.x |
IBM Case Manager | V5.2.x |

Affected Product(s) | Version(s) | Remediation / Fix |
---|---|---|
IBM Business Automation Workflow | V20.0.0.1 | Apply PJ46300 or upgrade to IBM Business Automation Workflow 20.0.0.2 or later |
IBM Business Automation Workflow | V19.0.0.x | Apply PJ46300 or upgrade to IBM Business Automation Workflow 20.0.0.2 or later |
IBM Business Automation Workflow | V18.0.0.x | Upgrade to IBM Business Automation Workflow 19.0.0.3 and apply PJ46300 or upgrade to IBM Business Automation Workflow 20.0.0.2 or later. |
IBM Case Manager | V5.3.x | Apply IBM Case Manager interim fix for PJ46300 |
IBM Case Manager | V5.2.x | Upgrade to IBM Case Manager 5.3.3 and apply PJ46300 or upgrade to IBM Business Automation Workflow 20.0.0.2 or later. |