Medium Severity

Security Bulletin: IBM Workload Scheduler potentially vulnerable to cross site scripting

Share this post:

Dynamic Workload Console for IBM Workload Scheduler is potentially affected by cross site vulnerability: after loginit is possible to modify one of the outgoing requests in this loading process and obtain a response that generates an alert in the browser, using both HTTP methods, GET and POST.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Workload Scheduler 9.3.0.4 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6223030

More stories

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments

Nov 21, 2020 7:00 pm EST | Medium Severity

A vulnerability IBM WebSphere Application Server Liberty could allow an attacker to obtain sensitive information. This vulnerability may affect the IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments. ...read more


Security Bulletin: Improper Authentication of Websocket Endpoint in IBM Spectrum Protect Operations Center

Nov 20, 2020 7:00 pm EST | Medium Severity

Improper authentication of a websocket endpoint in IBM Spectrum Protect Operations Center could allow a remote attacker to obtain sensitive information. ...read more


Security Bulletin: Vulnerabilities in IBM Db2 and IBM Java Runtime affect IBM Spectrum Protect Server

Nov 20, 2020 7:00 pm EST | Medium Severity

Multiple vulnerabilities in IBM Db2 and IBM Runtime Environment Java affect the IBM Spectrum Protect Server. The Java vulnerabilities were disclosed as part of the IBM Java SDK updates in January, April, and July 2020. ...read more