Cross-Site Scripting Vulnerability in IBM Jazz Team Server Applications
CVE-2019-4748

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Rational Doors Next Generation; Engineering Workflow Management; Rational Quality Manager; Rational Rhapsody Design Manager
Vendor: CVE Published:; 16 July 2020

Summary

IBM Jazz Team Server-based applications are vulnerable to a cross-site scripting attack that allows malicious users to inject arbitrary JavaScript code into the web interface. This could alter the expected functionality of the application, potentially enabling attackers to steal credentials from users within a trusted session. This vulnerability underscores the importance of web security measures to protect sensitive data from unauthorized access.

Affected Version(s)

Engineering Workflow Management 7.0

Rational DOORS Next Generation 6.0.2

Rational DOORS Next Generation 6.0.6

References

https://www.ibm.com/support/pages/node/6249133

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/173174

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 16, 2020
Vulnerability Reserved
Jan 3, 2019