Cross-Site Scripting Vulnerability in IBM Engineering Products
CVE-2020-4866

5.4 MEDIUM

Summary

IBM Engineering products are vulnerable to cross-site scripting (XSS): an attacker can inject arbitrary JavaScript code into the Web user interface. Exploitation could alter the intended operation of the application, potentially leading to credential disclosure within a trusted session. Users interacting with the compromised Web UI may unknowingly expose sensitive information, so organizations should apply the latest security updates and follow best practices to mitigate this risk. For detailed information, refer to IBM's official support page and their X-Force vulnerability database.

Affected Version(s)

Engineering Lifecycle Optimization 7.0

Engineering Lifecycle Optimization 7.0.1

Engineering Lifecycle Optimization 7.0.2

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
