Cross-Site Scripting in IBM Security Directory Server by IBM
CVE-2019-4542
6.1MEDIUM
Summary
IBM Security Directory Server version 6.4.0 contains a vulnerability that permits cross-site scripting, enabling attackers to inject arbitrary JavaScript code into the web interface. This flaw may compromise the system's functionality, potentially leading to unauthorized disclosure of user credentials in a trusted session. Users should take caution and implement appropriate security measures to mitigate the risks associated with this vulnerability.
Affected Version(s)
Security Directory Server 6.4.0
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved