FKIE_CVE-2025-33128

Vulnerability from fkie_nvd - Published: 2026-06-22 14:16 - Updated: 2026-06-26 20:20
Summary
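IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007, is vulnerable to cross-site scripting (CWE-79). The vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. Per the CVSS 3.1 vector in the record below (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, base score 5.4, Medium), exploitation requires a low-privileged account and interaction by a victim; the vendor advisory listed under references is the authoritative source for remediation.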

{
  "affected": [
    {
      "affectedData": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:interim_fix_020:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:engineering_workflow_management:7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:engineering_workflow_management:7.1:interim_fix_007:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:interim_fix_007:*:*:*:*:*:*"
          ],
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3 Interim Fix 020",
              "status": "affected",
              "version": "7.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1 Interim Fix 007",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "source": "psirt@us.ibm.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "3CB2A4A5-05AB-4591-BC17-508B6CC52D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix001:*:*:*:*:*:*",
              "matchCriteriaId": "AC3523E9-2176-4F06-89DE-B9E39A8B5DFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix002:*:*:*:*:*:*",
              "matchCriteriaId": "2856B724-9102-453D-92D9-D6960D723EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix003:*:*:*:*:*:*",
              "matchCriteriaId": "9F016ABC-BE79-4979-9A80-777F0D02615F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix004:*:*:*:*:*:*",
              "matchCriteriaId": "B9FC1B96-18D3-4E17-A9F1-B020F0D72590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix005:*:*:*:*:*:*",
              "matchCriteriaId": "936271E0-3CF6-43CE-81D2-C7B0BEB7BBE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix006:*:*:*:*:*:*",
              "matchCriteriaId": "D34862FD-AE18-46FE-B4E6-AC639120774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix007:*:*:*:*:*:*",
              "matchCriteriaId": "3C3C127B-9AF2-4B7A-ACEE-9A2875CBAE99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix008:*:*:*:*:*:*",
              "matchCriteriaId": "181B8EF5-E34B-41EF-AE2D-3C202D4C88EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix009:*:*:*:*:*:*",
              "matchCriteriaId": "5C8113D3-4934-4551-84BD-FC0A6489F82C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix010:*:*:*:*:*:*",
              "matchCriteriaId": "8BE8D6E5-C897-4C58-BE03-C26B4D3C6494",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix011:*:*:*:*:*:*",
              "matchCriteriaId": "BF1CFB7F-F8EB-4D71-8765-07CE49D31189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix012:*:*:*:*:*:*",
              "matchCriteriaId": "38A55F98-2982-43E1-AE01-37B423C9B481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix013:*:*:*:*:*:*",
              "matchCriteriaId": "174815C1-90FD-4947-9EB7-9BF713DCD3D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix014:*:*:*:*:*:*",
              "matchCriteriaId": "FA3149F4-EF4C-46F6-8DAF-C9217CF16F59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix015:*:*:*:*:*:*",
              "matchCriteriaId": "3C23BE8B-1492-40F2-A218-CF85A754D4FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix016:*:*:*:*:*:*",
              "matchCriteriaId": "11CFA2C9-C485-4780-A04C-FA39E7E7A3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix017:*:*:*:*:*:*",
              "matchCriteriaId": "05C3B457-57A8-4DA9-A95E-5D198974A0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix018:*:*:*:*:*:*",
              "matchCriteriaId": "F407A290-B204-4B18-84C0-A598E56F0EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix019:*:*:*:*:*:*",
              "matchCriteriaId": "7EDBEFA2-B476-4711-8153-214D566875D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix020:*:*:*:*:*:*",
              "matchCriteriaId": "CEC9F849-AF2B-40DB-992A-090605B078F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "7FAE09FF-371A-4B02-A837-40149E773AE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix001:*:*:*:*:*:*",
              "matchCriteriaId": "E153E7C3-A2A5-4757-9684-3DCBCE05B9F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix002:*:*:*:*:*:*",
              "matchCriteriaId": "0B0984C6-0E92-4493-B0A2-40BC0888F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix003:*:*:*:*:*:*",
              "matchCriteriaId": "F62B6927-F717-499A-8EC3-900AC06A3DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix004:*:*:*:*:*:*",
              "matchCriteriaId": "0883E0E8-8E67-44B8-B0D8-E6D55306B319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix005:*:*:*:*:*:*",
              "matchCriteriaId": "2CACCEE4-0346-44B0-ACF8-270F70D8B316",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix006:*:*:*:*:*:*",
              "matchCriteriaId": "57CE388F-D826-4EFC-BBBA-E539FE69361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix007:*:*:*:*:*:*",
              "matchCriteriaId": "E4C0BF7F-D922-49C3-B62C-F904EB1DBCA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    }
  ],
  "id": "CVE-2025-33128",
  "lastModified": "2026-06-26T20:20:31.683",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2025-33128",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-06-23T14:05:03.637720Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-06-22T14:16:22.910",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7276116"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

