Cross-Site Scripting Vulnerability in IBM Workload Scheduler
CVE-2020-4380
5.4MEDIUM
Summary
IBM Workload Scheduler version 9.3.0.4 is susceptible to a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code through the Web UI. This exploit can manipulate the application's intended behavior, potentially allowing the attacker to disclose sensitive information such as user credentials during active sessions, significantly undermining user trust and security.
Affected Version(s)
Workload Scheduler 9.3.0.4
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved