IBM Business Process Manager Advanced 19.0.0.1 Cross Site Scripting (XSS) Vulnerability

Summary

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159125.

Credit:

The information has been provided by IBM.
The original article can be found at: https://www.ibm.com/support/docview.wss?uid=ibm10880499


Details

IBM Business Process Manager Advanced is prone to a cross-site scripting vulnerability. It allows remote attackers to inject arbitrary web script or HTML via vulnerable vectors. A remote attacker can use cross-site scripting (XSS) to deliver a hostile script to an unsuspecting user.

Vulnerable Systems:

  • IBM Business Process Manager Advanced 8.5.7.0 CF 2017.06
  • IBM Business Process Manager Advanced 8.5.7.0 CF 2016.12
  • IBM Business Process Manager Advanced 8.5.7.0
  • IBM Business Process Manager 8.6.0.0 CF 2018.03
  • IBM Business Process Manager 8.6.0.0 CF 2017.12
  • IBM Business Process Manager 8.6.0.0
  • IBM Business Automation Workflow 19.0.0.1
  • IBM Business Automation Workflow 18.0.0.2
  • IBM Business Automation Workflow 18.0.0.1
  • IBM Business Automation Workflow 18.0.0.0

CVE Information:
CVE-2019-4204

Disclosure Timeline:
Publish Date: 05/10/2019