Cross-Site Scripting Vulnerability in IBM Engineering Products
CVE-2020-4866
Key Information:
- Vendor
- IBM
- Status
- Vendor
- CVE Published:
- 4 March 2021
Summary
IBM Engineering products are susceptible to a cross-site scripting (XSS) vulnerability, where attackers can inject arbitrary JavaScript code into the Web user interface. This exploitation could manipulate the intended operation of the application, potentially leading to credential disclosure within a trusted session. Users interacting with the compromised Web UI may unknowingly expose sensitive information, making it imperative for organizations to apply the latest security updates and follow best practices to mitigate this risk. For detailed information, please refer to IBM's official support page and their X-Force vulnerability database.
Affected Version(s)
Engineering Lifecycle Optimization 7.0
Engineering Lifecycle Optimization 7.0.1
Engineering Lifecycle Optimization 7.0.2
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved