CVE-2020-4768
https://notcve.org/view.php?id=CVE-2020-4768
IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188907.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/188907
• https://www.ibm.com/support/pages/node/6414377
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-4426
https://notcve.org/view.php?id=CVE-2019-4426
The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/162772
• https://www.ibm.com/support/pages/node/1116087
• https://www.ibm.com/support/pages/node/1135552
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1884
https://notcve.org/view.php?id=CVE-2018-1884
IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.
• http://www.ibm.com/support/docview.wss?uid=ibm10737897
• http://www.securityfocus.com/bid/105946
• https://exchange.xforce.ibmcloud.com/vulnerabilities/151970
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')