Cross-Site Scripting Vulnerability in IBM Jazz Team Server Applications
CVE-2020-4445
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Status
- Vendor
- CVE Published:
- 2 September 2020
Summary
IBM Jazz Team Server and related applications are susceptible to a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the web interface. This flaw can be exploited to manipulate the functionality of the web UI, potentially leading to unauthorized access and disclosure of user credentials during a trusted session. As a result, users are at risk of significant security breaches if this vulnerability remains unaddressed. For further information, consult the IBM support page and the IBM X-Force vulnerability database.
Affected Version(s)
Engineering Workflow Management 7.0
Rational DOORS Next Generation 6.0.2
Rational DOORS Next Generation 6.0.6
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved