Cross-Site Scripting Vulnerability in IBM Data Risk Manager
CVE-2020-4615

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
22 September 2020

Summary

IBM Data Risk Manager version 2.0.6 is susceptible to a cross-site scripting vulnerability, enabling attackers to inject arbitrary JavaScript code into the application's Web UI. This malicious code execution can disrupt the intended functionality of the application and may lead to the inappropriate disclosure of sensitive user credentials during trusted sessions. Users of this software should be aware of the associated risks and consider implementing necessary security measures.

Affected Version(s)

Data Risk Manager 2.0.6

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.