Cross-Site Scripting Vulnerability in IBM Jazz Team Server Applications
CVE-2020-4546

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Engineering Workflow Management; Rational Team Concert; Rational Doors Next Generation; Rational Quality Manager
Vendor: CVE Published:; 2 September 2020

Summary

IBM Jazz Team Server applications are susceptible to cross-site scripting attacks, enabling an attacker to inject malicious JavaScript code into the web interface. This vulnerability can compromise the functionality of the application, potentially exposing sensitive user credentials during a trusted session. It is crucial for users of IBM Jazz Team Server to stay informed about this issue and take necessary precautions to mitigate the risks associated with this vulnerability.

Affected Version(s)

Engineering Workflow Management 7.0

Rational DOORS Next Generation 6.0.2

Rational DOORS Next Generation 6.0.6

References

https://www.ibm.com/support/pages/node/6325343

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/183314

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 2, 2020
Vulnerability Reserved
Dec 30, 2019