Cross-Site Scripting Vulnerability in IBM Jazz Foundation and Engineering Products
CVE-2020-4525
5.4MEDIUM
Summary
The IBM Jazz Foundation and IBM Engineering products are susceptible to a cross-site scripting vulnerability. This issue enables attackers to inject arbitrary JavaScript code into the web user interface, which can modify the expected behavior of the application. Consequently, this may allow an attacker to gain unauthorized access to sensitive information, such as user credentials, during a trusted session. For further details, refer to the IBM security advisory and the X-Force vulnerability database.
Affected Version(s)
Rational Rhapsody Design Manager 6.0.2
Rational Rhapsody Design Manager 7.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved