Cross-Site Scripting Vulnerability in IBM Data Risk Manager
CVE-2020-4615
5.4MEDIUM
Summary
IBM Data Risk Manager version 2.0.6 is susceptible to a cross-site scripting vulnerability, enabling attackers to inject arbitrary JavaScript code into the application's Web UI. This malicious code execution can disrupt the intended functionality of the application and may lead to the inappropriate disclosure of sensitive user credentials during trusted sessions. Users of this software should be aware of the associated risks and consider implementing necessary security measures.
Affected Version(s)
Data Risk Manager 2.0.6
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved