Cross-Site Scripting Vulnerability in IBM Tivoli Storage Productivity Center
CVE-2019-4137

6.1MEDIUM

Key Information:

Vendor

IBM
Status
Spectrum Control Standard Edition
Vendor
CVE Published:
29 May 2019

What is CVE-2019-4137?

The IBM Tivoli Storage Productivity Center versions 5.2.13 through 5.3.0.1 possess a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the Web UI. This could lead to unauthorized actions within trusted sessions, potentially exposing sensitive credentials and compromising user data. The vulnerability represents a significant risk, as it enables exploitation of the product's intended functionality, requiring immediate attention from users and administrators.

Affected Version(s)

Spectrum Control Standard Edition 5.2.13

Spectrum Control Standard Edition 5.2.14

Spectrum Control Standard Edition 5.2.15

References

http://www.ibm.com/support/docview.wss?uid=ibm10880375
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/158333
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/108533
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.