Cross-Site Scripting Vulnerability in IBM Engineering Requirements Quality Assistant On-Premises
CVE-2020-4666
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 8 January 2021
Summary
IBM Engineering Requirements Quality Assistant On-Premises is susceptible to cross-site scripting, enabling attackers to inject arbitrary JavaScript code into the web interface. This could jeopardize user credentials by manipulating standard application functionalities during a trusted session. Such vulnerabilities highlight the critical need for robust input validation and sanitization in web applications to protect sensitive user data. For more information, refer to the IBM support documentation and X-Force database entry.
Affected Version(s)
Engineering Requirements Quality Assistant On-Premises
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved