IBM Tivoli Dynamic Workload Console is potentially vulnerable to cross-site scripting.
CVEID: CVE-2019-4608
**DESCRIPTION:** IBM Tivoli Workload Scheduler is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168508 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2020-5028
**DESCRIPTION:** IBM Tivoli Workload Scheduler is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193665 for more information.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Platforms:
Affected Product(s) | Version(s) |
---|---|
Tivoli Workload Scheduler | |
IBM Workload Scheduler | 9.3.x, 9.4.x |
The fix is included in IBM Workload Scheduler 9.3 fixpack 04 and in IBM Workload Scheduler 9.4 fixpack 07, both already available for download from Fix Central.
None