Cross-Site Scripting Vulnerability in IBM Jazz Reporting Service
CVE-2020-4541

6.1MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
10 August 2020

Summary

The IBM Jazz Reporting Service versions 7.0 and 7.0.1 are susceptible to cross-site scripting (XSS) attacks. This vulnerability enables attackers to inject arbitrary JavaScript code into the web user interface, potentially compromising user sessions and exposing confidential information, including login credentials. Attackers can exploit this flaw to manipulate the intended behavior of the application, leading to unauthorized actions within a trusted context. Organizations using these versions are urged to apply security measures to mitigate this risk.

Affected Version(s)

Jazz Reporting Service 7.0

Jazz Reporting Service 7.0.1

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.