CVE Catalog

CVE-2025-33128

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

An XSS vulnerability in IBM Engineering Workflow Management allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure within a trusted session.

Risk Assessment

An attacker could hijack another user's session, steal their login credentials, or perform unauthorized actions in the victim's context.

Recommendation

Apply the available fixes (Interim Fix 020 for version 7.0.3 or Interim Fix 007 for version 7.1) immediately and restrict user privileges to the minimum necessary.

Original NVD description (English source)

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS