Cross site scripting

2021-12-2119:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.7%

JSON

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512.

CPENameOperatorVersion
business_automation_workfloweq18.0.0.0
business_automation_workfloweq19.0.0.0
business_automation_workfloweq20.0.0.0
business_automation_workfloweq21.0.0.0
business_process_managereq8.5.5.0
business_process_managereq8.5.0.0
business_process_managereq8.5.7.0 cf201706
business_process_managereq8.5.7.0 cf201703
business_process_managereq8.5.7.0 cf201612
business_process_managereq8.6.0.0

Name	Operator	Version
business_automation_workflow	eq	18.0.0.0
business_automation_workflow	eq	19.0.0.0
business_automation_workflow	eq	20.0.0.0
business_automation_workflow	eq	21.0.0.0
business_process_manager	eq	8.5.5.0
business_process_manager	eq	8.5.0.0
business_process_manager	eq	8.5.7.0 cf201706
business_process_manager	eq	8.5.7.0 cf201703
business_process_manager	eq	8.5.7.0 cf201612
business_process_manager	eq	8.6.0.0