Cross-Site Scripting Vulnerability in IBM Jazz Team Server Applications
CVE-2020-4522
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Status
- Vendor
- CVE Published:
- 2 September 2020
Summary
IBM Jazz Team Server applications have a cross-site scripting vulnerability that permits attackers to inject arbitrary JavaScript code within the web interface. This flaw may lead to the alteration of the application's intended functionality, which could compromise user credentials within a trusted session. The threat underscores the necessity for robust input validation and web application security measures.
Affected Version(s)
Engineering Workflow Management 7.0
Rational DOORS Next Generation 6.0.2
Rational DOORS Next Generation 6.0.6
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved