Multiple IBM Business Products CVE-2018-1848 Cross Site Scripting Vulnerability

Bugtraq ID:	106217
Class:	Input Validation Error
CVE:	CVE-2018-1848
Remote:	Yes
Local:	No
Published:	Dec 13 2018 12:00AM
Updated:	Dec 13 2018 12:00AM
Credit:	IBM
Vulnerable:	IBM WebSphere Lombardi Edition 7.2.0.5 IBM WebSphere Lombardi Edition 7.2.0.0 IBM Business Process Manager 8.5 1 IBM Business Process Manager 8.0.1 2 IBM Business Process Manager 7.5.1 2 IBM Business Process Manager 7.5 .0 IBM Business Process Manager 8.5.7.0 CF 2017.06 IBM Business Process Manager 8.5.7.0 CF 2017.03 IBM Business Process Manager 8.5.7.0 CF 2016.12 IBM Business Process Manager 8.5.7.0 IBM Business Process Manager 8.5.6.0 CF 2 IBM Business Process Manager 8.5.6.0 CF 1 IBM Business Process Manager 8.5.6.0 IBM Business Process Manager 8.5.5.0 IBM Business Process Manager 8.5.0.2 IBM Business Process Manager 8.5.0.0 IBM Business Process Manager 8.0.1.3 IBM Business Process Manager 8.0.1.1 IBM Business Process Manager 8.0.1.0 IBM Business Process Manager 8.0.0.0 IBM Business Process Manager 7.5.1.1 IBM Business Process Manager 7.5.0.1 IBM Business Automation Workflow 18.0.0.1 IBM Business Automation Workflow 18.0.0.0
Not Vulnerable:	IBM Business Automation Workflow 18.0.0.2

Multiple IBM Business Products CVE-2018-1848 Cross Site Scripting Vulnerability

Multiple IBM Business products are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Multiple IBM Business Products CVE-2018-1848 Cross Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.