Medium Severity

Security Bulletin: A cross site scripting security vulnerability has been identified with Case Builder component in IBM Case Manager (CVE-2019-4426)

Share this post:

Case Builder component shipped in IBM Case Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Case Manager 5.1.1
IBM Case Manager 5.2.0
IBM Case Manager 5.2.1
IBM Case Manager 5.3CD

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1116087

More stories

Security Bulletin: IBM RackSwitch firmware products are affected by the following OpenSLL vulnerability

Feb 28, 2020 7:02 pm EST | Medium Severity

IBM RackSwitch firmware products are affected by the following OpenSLL vulnerability ...read more


Security Bulletin: Addressing the Sqlite Vulnerability CVE-2019-16168, CVE-2019-19242 and CVE-2019-19244

Feb 28, 2020 7:02 pm EST | Medium Severity

IBM Tivoli Composite Application Manager (ITCAM) for Transactions - Transaction Tracking has addressed the following SQLite vulnerability: ...read more


Security Bulletin: A vulnerability in Python affects IBM Operations Analytics Predictive Insights (CVE-2018-14647)

Feb 28, 2020 7:02 pm EST | Medium Severity

Python is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Python within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that utility then you are not affected by this bulletin. ...read more