CVE-2019-4426

Summary

The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772.

Affected Software

VendorProductVersion RangeStatus
IBMBusiness Automation Workflow18.0.0.1affected
IBMBusiness Automation Workflow19.0.0.2affected
IBMCase Manager5.1.1affected
IBMCase Manager5.2.1affected
IBMCase Manager5.2.0affected
IBMCase Manager5.3CDaffected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References