IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NIBM Engineering Workflow Management
APPIbm7.0.37.1.0
Related vulnerabilities
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain co...
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authentic...
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker t...
IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing X...
IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, ...