Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products
CVE-2020-4697

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Rational Team Concert; Rational Rhapsody Design Manager; Rational Rhapsody Model Manager; Rational Doors Next Generation
Vendor: CVE Published:; 8 January 2021

What is CVE-2020-4697?

IBM Jazz Foundation products are susceptible to a cross-site scripting vulnerability that permits attackers to inject malicious JavaScript code into the web user interface. This flaw can result in unauthorized changes to the functionality of the site, potentially allowing for sensitive information disclosure, such as user credentials, within trusted sessions. For more information, please refer to IBM's official support page and the IBM X-Force vulnerability database entry.

Affected Version(s)

Engineering Lifecycle Optimization 7.0

Engineering Lifecycle Optimization 7.0.1

Engineering Test Management 7.0.0

References

https://www.ibm.com/support/pages/node/6398742

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/186790

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2021
Vulnerability Reserved
Dec 30, 2019