Page 6 of 30 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772. El componente Case Builder entregado con versiones 18.0.0.1 hasta 19.0.0.2 e IBM Case Manager versiones 5.1.1 hasta 5.3, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162772 https://www.ibm.com/support/pages/node/1116087 https://www.ibm.com/support/pages/node/1135552 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.2EPSS: 0%CPEs: 17EXPL: 0

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770. IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1 y 19.0.0.2 es vulnerable a un ataque de inyección de entidadexterna XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162770 https://www.ibm.com/support/docview.wss?uid=ibm10959537 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.7EPSS: 0%CPEs: 16EXPL: 0

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771. IBM Business Automation Workflow 18.0.0.0, 18.0.0.1 y 18.0.0.2 podría permitir a un usuario obtener información altamente confidencial de otro usuario insertando enlaces en los que los usuarios desprevenidos harían clic. ID de IBM X-Force: 162771. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162771 https://www.ibm.com/support/docview.wss?uid=ibm10959261 •

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657. IBM Business Automation Workflow versiones 18.0.0.0, 18.0.0.1, 18.0.0.2, y 19.0.0.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgación de credenciales dentro de una sesión de confianza. • http://www.securityfocus.com/bid/108993 https://exchange.xforce.ibmcloud.com/vulnerabilities/162657 https://www.ibm.com/support/docview.wss?uid=ibm10888037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159125. IBM Business Automation Workflow, versiones 18.0.0.0.0.0, 18.0.0.1, 18.0.0.2 y 19.0.0.1, es vulnerable a los ataques XSS. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario de la Web, alterando así la funcionalidad prevista que puede conducir a la divulgación de credenciales dentro de una sesión de confianza. • http://www.securityfocus.com/bid/108328 https://exchange.xforce.ibmcloud.com/vulnerabilities/159125 https://www.ibm.com/support/docview.wss?uid=ibm10880499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •