CVE-2019-4149 vulnerability in IBM Products
Published on September 5, 2019
IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415.
Products Associated with CVE-2019-4149
stack.watch emails you whenever new vulnerabilities are published in IBM Business Automation Workflow or IBM Business Process Manager. Just hit a watch button to start following.
Affected Versions
IBM Business Automation Workflow:- Version 18.0.0.0 is affected.
- Version 18.0.0.2 is affected.
- Version 8.6.0.0 is affected.
- Version 8.5.6.0 is affected.
- Version 8.5.6.0CF2 is affected.
- Version 8.5.7.0 is affected.
- Version 8.5.7.0CF2017.06 is affected.
- Version 8.6.0.0CF2018.03 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.