History: Jan 29, 2021 - 4:49 p.m.

Security Bulletin: IBM Workload scheduler vulnerable to CVE-2019-4608 and CVE-2020-5028

2021-01-29 16:49:33
www.ibm.com

EPSS: 0.001 (Low), percentile 19.6%

Summary

IBM Tivoli Dynamic Workload Console is potentially vulnerable to cross-site scripting.

Vulnerability Details

CVEID: CVE-2019-4608
DESCRIPTION: IBM Tivoli Workload Scheduler is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/168508 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2020-5028
DESCRIPTION: IBM Tivoli Workload Scheduler is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/193665 for more information.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Platforms:

Affected Products and Versions

Affected Product(s): Tivoli Workload Scheduler, IBM Workload Scheduler
Version(s): 9.3.x, 9.4.x

Remediation/Fixes

The fix is included in IBM Workload Scheduler 9.3 fixpack 04 and in IBM Workload Scheduler 9.4 fixpack 07, both already available in FixCentral for download.

Workarounds and Mitigations

None

CPE
Name                    Operator  Version
ibm workload scheduler  eq        9.3
