Cross-Site Scripting Vulnerability in IBM Jazz Team Server Applications
CVE-2020-4445

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Rational Rhapsody Design Manager; Rational Quality Manager; Rational Team Concert; Rational Doors Next Generation
Vendor: CVE Published:; 2 September 2020

Summary

IBM Jazz Team Server and related applications are susceptible to a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the web interface. This flaw can be exploited to manipulate the functionality of the web UI, potentially leading to unauthorized access and disclosure of user credentials during a trusted session. As a result, users are at risk of significant security breaches if this vulnerability remains unaddressed. For further information, consult the IBM support page and the IBM X-Force vulnerability database.

Affected Version(s)

Engineering Workflow Management 7.0

Rational DOORS Next Generation 6.0.2

Rational DOORS Next Generation 6.0.6

References

https://www.ibm.com/support/pages/node/6325343

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/181122

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 2, 2020
Vulnerability Reserved
Dec 30, 2019