4 matches found
CVE-2019-4426
CVE-2019-4426 is a cross-site scripting vulnerability in the Case Builder component of IBM Case Manager (versions 5.1.1–5.3) and IBM Business Automation Workflow (18.0.0.0–19.0.0.2). The root cause is inadequate sanitization of user input in the Web UI, allowing arbitrary JavaScript execution and...
CVE-2015-1979
CVE-2015-1979 details (IBM Case Manager) : Affected product is IBM Case Manager 5.2.1, vulnerable before 5.2.1.2. The issue resides in the Error dialog where remote authenticated users can inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component, i...
CVE-2020-4768
IBM CVE-2020-4768 affects IBM Case Manager and IBM Business Automation Workflow. The issue is a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected products/versions include IBM Ca...
CVE-2018-1884
The CVE-2018-1884 issue affects IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0. It is a Zip Slip path traversal vulnerability that could allow an attacker to execute code by manipulating imported solution package zip files. IBM’s security bulletin confirms the root caus...