5.4
CVE-2025-33128
- EPSS 0.14%
- Veröffentlicht 22.06.2026 13:20:14
- Zuletzt bearbeitet 26.06.2026 20:20:31
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed
IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Engineering Workflow Management Version7.0.3 Update-
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix001
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix002
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix003
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix004
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix005
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix006
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix007
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix008
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix009
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix010
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix011
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix012
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix013
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix014
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix015
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix016
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix017
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix018
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix019
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix020
Ibm ≫ Engineering Workflow Management Version7.1.0 Update-
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix001
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix002
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix003
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix004
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix005
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix006
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix007
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.036 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://www.ibm.com/support/pages/node/7276116