Cross site scripting

2022-12-0717:15:00

PRIOn knowledge base

www.prio-n.com

ibm business process manager

cross-site scripting

web ui

credentials disclosure

trusted session

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.

CPENameOperatorVersion
business_automation_workfloweq22.0.1 if1
business_automation_workfloweq22.0.1
business_automation_workfloweq21.0.3 if11
business_automation_workfloweq21.0.3 if10
business_automation_workfloweq21.0.3 if9
business_automation_workfloweq21.0.3 if8
business_automation_workfloweq21.0.3 if7
business_automation_workfloweq21.0.3 if6
business_automation_workfloweq21.0.3 if5
business_automation_workfloweq21.0.3 if2

Name	Operator	Version
business_automation_workflow	eq	22.0.1 if1
business_automation_workflow	eq	22.0.1
business_automation_workflow	eq	21.0.3 if11
business_automation_workflow	eq	21.0.3 if10
business_automation_workflow	eq	21.0.3 if9
business_automation_workflow	eq	21.0.3 if8
business_automation_workflow	eq	21.0.3 if7
business_automation_workflow	eq	21.0.3 if6
business_automation_workflow	eq	21.0.3 if5
business_automation_workflow	eq	21.0.3 if2