Cross-Site Scripting Vulnerability in IBM Jazz Team Server Applications
CVE-2020-4522

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Rational Rhapsody Design Manager; Rational Quality Manager; Engineering Workflow Management; Rational Doors Next Generation
Vendor: CVE Published:; 2 September 2020

What is CVE-2020-4522?

IBM Jazz Team Server applications have a cross-site scripting vulnerability that permits attackers to inject arbitrary JavaScript code within the web interface. This flaw may lead to the alteration of the application's intended functionality, which could compromise user credentials within a trusted session. The threat underscores the necessity for robust input validation and web application security measures.

Affected Version(s)

Engineering Workflow Management 7.0

Rational DOORS Next Generation 6.0.2

Rational DOORS Next Generation 6.0.6

References

https://www.ibm.com/support/pages/node/6325343

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/182397

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2020
Vulnerability Reserved
Dec 30, 2019