Cross-Site Scripting Vulnerability in IBM Intelligent Operations Center Products
CVE-2020-4318
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Status
- Vendor
- CVE Published:
- 28 July 2020
Summary
IBM Intelligent Operations Center products, including the Emergency Management and Water Operations solutions, are susceptible to a cross-site scripting (XSS) vulnerability. This flaw permits malicious users to inject arbitrary JavaScript code into the Web UI, potentially compromising the security of users' sessions. If exploited, it may enable the disclosure of sensitive credentials and alter the intended functionality of the affected applications, posing significant risks to users and data integrity.
Affected Version(s)
Intelligent Operations Center 5.1.0
Intelligent Operations Center 5.1.0.2
Intelligent Operations Center 5.1.0.3
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved