Cross-Site Scripting Vulnerability in IBM Engineering Requirements Quality Assistant On-Premises
CVE-2020-4666

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
8 January 2021

Summary

IBM Engineering Requirements Quality Assistant On-Premises is susceptible to cross-site scripting, enabling attackers to inject arbitrary JavaScript code into the web interface. This could jeopardize user credentials by manipulating standard application functionalities during a trusted session. Such vulnerabilities highlight the critical need for robust input validation and sanitization in web applications to protect sensitive user data. For more information, refer to the IBM support documentation and X-Force database entry.

Affected Version(s)

Engineering Requirements Quality Assistant On-Premises

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.