IBM Support

PJ46300: SECURITY APAR - CVE-2020-4768 - CROSS-SITE SCRIPTING (XSS) VULNERABILITY OCCURS IN THE PROPERTIES SELECTOR PANEL

Direct links to fixes

IBM Case Manager V5.3.3 Interim Fix 12 for Linux for Z
IBM Case Manager V5.3.3 Interim Fix 12 for Windows
IBM Case Manager V5.3.3 Interim Fix 12 for Suse Linux
IBM Case Manager V5.3.3 Interim Fix 12 for Linux
IBM Case Manager V5.3.3 Interim Fix 12 for AIX
IBM Case Manager V5.3.3 Interim Fix 10 for AIX
IBM Case Manager V5.3.3 Interim Fix 10 for Linux
IBM Case Manager V5.3.3 Interim Fix 10 for SUSE Linux
IBM Case Manager V5.3.3 Interim Fix 10 for Windows
IBM Case Manager V5.3.3 Interim Fix 10 for Linux for Z
workflow.20002.delta.repository
8.6.10019003-WS-BPM-IFPJ46300
8.6.20020001-WS-BPM-IFPJ46300
IBM Case Manager V5.3.3 Interim Fix 8 for AIX
IBM Case Manager V5.3.3 Interim Fix 8 for Linux
IBM Case Manager V5.3.3 Interim Fix 8 for Windows
IBM Case Manager V5.3.3 Interim Fix 9 for AIX
IBM Case Manager V5.3.3 Interim Fix 9 for Linux
IBM Case Manager V5.3.3 Interim Fix 9 for Windows
IBM Case Manager V5.3.3 Interim Fix 9 for Linux for Z
IBM Case Manager V5.3.3 Interim Fix 10 for AIX
IBM Case Manager V5.3.3 Interim Fix 10 for Linux
IBM Case Manager V5.3.3 Interim Fix 10 for SUSE Linux
IBM Case Manager V5.3.3 Interim Fix 10 for Windows
IBM Case Manager V5.3.3 Interim Fix 10 for Linux for Z

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • CVEID: CVE-2020-4768
Description: IBM Case Manager and IBM Business Automation
Workflow are vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in
the Web UI thus altering the intended functionality potentially
leading to credentials disclosure within a trusted session.
CVSS Base Score: 4.4
CVSS Temporal Score:
https://exchange.xforce.ibmcloud.com/vulnerabilities/188907 for
more information
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)




PRODUCTS AFFECTED
IBM Business Automation Workflow
IBM Case Manager

Local fix

  • 



Problem summary


    

  • This issue occurs when you create a case package from a case
client.

    



Problem conclusion


    

  • A fix is available or will be available that resolves the XSS
vulnerability in the Properties Selector panel when you create a
 case package from the Case Client.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PJ46300
    • 

  • Reported component name
    CASE MGR CLIENT
    • 

  • Reported component ID
    5725A1501
    • 

  • Reported release
    533
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-09-17
    • 

  • Closed date
    2021-02-10
    • 

  • Last modified date
    2021-02-10
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    CASE MGR CLIENT
    • 

  • Fixed component ID
    5725A1501
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCTJ4","label":"Case Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"533","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            12 September 2023
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback