Cross-Site Scripting Vulnerability in IBM Tivoli Storage Productivity Center
CVE-2019-4137
6.1MEDIUM
Summary
The IBM Tivoli Storage Productivity Center versions 5.2.13 through 5.3.0.1 possess a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the Web UI. This could lead to unauthorized actions within trusted sessions, potentially exposing sensitive credentials and compromising user data. The vulnerability represents a significant risk, as it enables exploitation of the product's intended functionality, requiring immediate attention from users and administrators.
Affected Version(s)
Spectrum Control Standard Edition 5.2.13
Spectrum Control Standard Edition 5.2.14
Spectrum Control Standard Edition 5.2.15
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved