CVE-2025-33128

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Link Resource
https://www.ibm.com/support/pages/node/7276116 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:-:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix002:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix003:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix004:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix005:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix006:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix007:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix008:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix009:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix010:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix011:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix012:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix013:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix014:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix015:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix016:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix017:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix018:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix019:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix020:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix002:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix003:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix004:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix005:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix006:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix007:*:*:*:*:*:*

History

26 Jun 2026, 20:20

Type Values Removed Values Added
References () https://www.ibm.com/support/pages/node/7276116 - () https://www.ibm.com/support/pages/node/7276116 - Vendor Advisory
First Time Ibm engineering Workflow Management
Ibm
CPE cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix020:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix006:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix018:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix013:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix015:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix007:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix005:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix003:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:-:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix009:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix003:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix010:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix012:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix007:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix002:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix005:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix016:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix006:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix019:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix014:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix008:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix002:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix017:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix004:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix004:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix011:*:*:*:*:*:*

22 Jun 2026, 14:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-22 14:16

Updated : 2026-06-26 20:20


NVD link : CVE-2025-33128

Mitre link : CVE-2025-33128

CVE.ORG link : CVE-2025-33128


JSON object : View

Products Affected

ibm

  • engineering_workflow_management
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')