Cross-Site Scripting Vulnerability in IBM Jazz Foundation and Engineering Products
CVE-2020-4542
5.4MEDIUM
Summary
IBM Jazz Foundation and IBM Engineering products are susceptible to a cross-site scripting vulnerability that permits attackers to inject arbitrary JavaScript code through the Web UI. This exploitation can manipulate the application’s intended functionality and may lead to the exposure of sensitive user credentials within a trusted session, raising significant security concerns for users.
Affected Version(s)
Rational Rhapsody Design Manager 6.0.2
Rational Rhapsody Design Manager 7.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved