Severity
Medium
Analysis Summary
CVE-2024-28793 CVSS:4.9
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-37411 CVSS:4.8
IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-28793
- CVE-2023-37411
Affected Vendors
IBM
Affected Products
- IBM Aspera Faspex 5.0.0
- IBM Engineering Workflow Management 7.0.2
- IBM Engineering Workflow Management 7.0.3
- IBM Aspera Faspex 5.0.6
Remediation
Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.