Cross-Site Scripting Vulnerability in IBM Cloud Pak System
CVE-2020-4916

5.5MEDIUM

Key Information:

Vendor
IBM
Status
Cloud Pak System
Vendor
CVE Published:
4 January 2021

Summary

IBM Cloud Pak System 2.3 is prone to a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code into the Web UI. This exploitation could lead to unauthorized alteration of user interfaces and potential credential exposure within an authenticated session. Users must remain vigilant to this security risk, as it may compromise the integrity of sensitive user information.

Affected Version(s)

Cloud Pak System 2.3

References

https://www.ibm.com/support/pages/node/6393554
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/191390
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.