Cross-Site Scripting Vulnerability in IBM Intelligent Operations Center Products
CVE-2020-4318

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Intelligent Operations Center For Emergency Management; Water Operations For Waternamics; Intelligent Operations Center
Vendor: CVE Published:; 28 July 2020

What is CVE-2020-4318?

IBM Intelligent Operations Center products, including the Emergency Management and Water Operations solutions, are susceptible to a cross-site scripting (XSS) vulnerability. This flaw permits malicious users to inject arbitrary JavaScript code into the Web UI, potentially compromising the security of users' sessions. If exploited, it may enable the disclosure of sensitive credentials and alter the intended functionality of the affected applications, posing significant risks to users and data integrity.

Affected Version(s)

Intelligent Operations Center 5.1.0

Intelligent Operations Center 5.1.0.2

Intelligent Operations Center 5.1.0.3

References

https://www.ibm.com/support/pages/node/6253297

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/177356

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2020
Vulnerability Reserved
Dec 30, 2019