Stored Cross-Site Scripting Vulnerability in IBM Engineering Lifecycle Optimization - Publishing
CVE-2020-4977

5.4MEDIUM

Key Information:

Vendor

IBM
Status
Rational Quality Manager
Rational Rhapsody Model Manager
Engineering Test Management
Rational Doors Next Generation
Vendor
CVE Published:
2 June 2021

What is CVE-2020-4977?

IBM Engineering Lifecycle Optimization - Publishing contains a vulnerability that allows for stored cross-site scripting. This flaw enables an attacker to inject arbitrary JavaScript code into the Web UI. Once executed, this could potentially manipulate user sessions leading to unauthorized data access or credential disclosure within a trusted context. It is crucial for users of this product to remain vigilant and apply necessary security measures to mitigate this risk.

Affected Version(s)

Engineering Lifecycle Optimization 7.0

Engineering Lifecycle Optimization 7.0.1

Engineering Lifecycle Optimization 7.0.2

References

https://www.ibm.com/support/pages/node/6457739
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/192470
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.