Unrated severityNVD Advisory· Published May 28, 2024· Updated Feb 13, 2025

IBM Engineering Workflow Management cross-site scripting

CVE-2024-28793

Description

IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286830.

Affected products

IBM/Engineering Workflow Managementcpe-rescue2 versions
cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*range: 7.0.2, 7.0.3
- (no CPE)range: = 7.0.2, = 7.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7154955mitrevendor-advisory
exchange.xforce.ibmcloud.com/vulnerabilities/286830mitrevdb-entry
www.openwall.com/lists/oss-security/2024/05/24/2mitre

News mentions

Jenkins Security Advisory 2024-05-24
Jenkins Security Advisories · May 24, 2024

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000