VYPR
Unrated severityNVD Advisory· Published May 28, 2024· Updated Feb 13, 2025

IBM Engineering Workflow Management cross-site scripting

CVE-2024-28793

Description

IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286830.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*range: 7.0.2, 7.0.3
    • (no CPE)range: = 7.0.2, = 7.0.3

Patches

Vulnerability mechanics

References

3

News mentions

1