Cross-Site Scripting Vulnerability in IBM Jazz Team Server Applications
CVE-2019-4748
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Status
- Vendor
- CVE Published:
- 16 July 2020
Summary
IBM Jazz Team Server-based applications are vulnerable to a cross-site scripting attack that allows malicious users to inject arbitrary JavaScript code into the web interface. This could alter the expected functionality of the application, potentially enabling attackers to steal credentials from users within a trusted session. This vulnerability underscores the importance of web security measures to protect sensitive data from unauthorized access.
Affected Version(s)
Engineering Workflow Management 7.0
Rational DOORS Next Generation 6.0.2
Rational DOORS Next Generation 6.0.6
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved