Cross-Site Scripting Vulnerability in IBM Cloud Pak System
CVE-2020-4916
5.5MEDIUM
Summary
IBM Cloud Pak System 2.3 is prone to a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code into the Web UI. This exploitation could lead to unauthorized alteration of user interfaces and potential credential exposure within an authenticated session. Users must remain vigilant to this security risk, as it may compromise the integrity of sensitive user information.
Affected Version(s)
Cloud Pak System 2.3
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved