5.4

CVE-2025-33128

IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmEngineering Workflow Management Version7.0.3 Update-
IbmEngineering Workflow Management Version7.0.3 Updateifix001
IbmEngineering Workflow Management Version7.0.3 Updateifix002
IbmEngineering Workflow Management Version7.0.3 Updateifix003
IbmEngineering Workflow Management Version7.0.3 Updateifix004
IbmEngineering Workflow Management Version7.0.3 Updateifix005
IbmEngineering Workflow Management Version7.0.3 Updateifix006
IbmEngineering Workflow Management Version7.0.3 Updateifix007
IbmEngineering Workflow Management Version7.0.3 Updateifix008
IbmEngineering Workflow Management Version7.0.3 Updateifix009
IbmEngineering Workflow Management Version7.0.3 Updateifix010
IbmEngineering Workflow Management Version7.0.3 Updateifix011
IbmEngineering Workflow Management Version7.0.3 Updateifix012
IbmEngineering Workflow Management Version7.0.3 Updateifix013
IbmEngineering Workflow Management Version7.0.3 Updateifix014
IbmEngineering Workflow Management Version7.0.3 Updateifix015
IbmEngineering Workflow Management Version7.0.3 Updateifix016
IbmEngineering Workflow Management Version7.0.3 Updateifix017
IbmEngineering Workflow Management Version7.0.3 Updateifix018
IbmEngineering Workflow Management Version7.0.3 Updateifix019
IbmEngineering Workflow Management Version7.0.3 Updateifix020
IbmEngineering Workflow Management Version7.1.0 Update-
IbmEngineering Workflow Management Version7.1.0 Updateifix001
IbmEngineering Workflow Management Version7.1.0 Updateifix002
IbmEngineering Workflow Management Version7.1.0 Updateifix003
IbmEngineering Workflow Management Version7.1.0 Updateifix004
IbmEngineering Workflow Management Version7.1.0 Updateifix005
IbmEngineering Workflow Management Version7.1.0 Updateifix006
IbmEngineering Workflow Management Version7.1.0 Updateifix007
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.036
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@us.ibm.com 5.4 2.3 2.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.ibm.com/support/pages/node/7276116
Vendor Advisory