Medium Severity

Security Bulletin: A cross site scripting security vulnerability has been identified with Case Builder component shipped with IBM Business Automation Workflow (CVE-2019-4426)

Share this post:

Case Builder component shipped with IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Business Automation Workflow C.D.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1135552

More stories

Security Bulletin: Phishing Attack Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4595)

Feb 20, 2020 7:00 pm EST | Medium Severity

IBM Sterling B2B Integrator has addressed the Phishing attack vulnerability. ...read more


Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM License Metric Tool v9 (CVE-2019-4441).

Feb 20, 2020 7:00 pm EST | Medium Severity

There is a vulnerability in IBM WebSphere Application Server used by IBM License Metric Tool. This issue allows a remote attacker to obtain sensitive information. ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution

Feb 19, 2020 7:00 pm EST | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.5.40 and 7.0.10.45 used by IBM Cast Iron. These issues were disclosed as part of the IBM Java SDK updates in July 2019. IBM Cast Iron has addressed the applicable CVEs. ...read more