Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products
CVE-2020-4733

5.4MEDIUM

Summary

IBM Jazz Foundation products are vulnerable to a cross-site scripting (XSS) flaw, which permits attackers to inject arbitrary JavaScript code into the web interface. This exploitation could lead to unauthorized actions being performed in the context of a user’s session, potentially allowing for the theft of sensitive information, including credentials. The risk arises from a failure to properly sanitize user inputs, making it essential for users and administrators to remain vigilant against such vulnerabilities.

Affected Version(s)

Engineering Lifecycle Optimization 7.0

Engineering Lifecycle Optimization 7.0.1

Engineering Test Management 7.0.0

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.