Stored Cross-Site Scripting Vulnerability in IBM Engineering Lifecycle Optimization - Publishing
CVE-2020-4977
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Status
- Vendor
- CVE Published:
- 2 June 2021
Summary
IBM Engineering Lifecycle Optimization - Publishing contains a vulnerability that allows for stored cross-site scripting. This flaw enables an attacker to inject arbitrary JavaScript code into the Web UI. Once executed, this could potentially manipulate user sessions leading to unauthorized data access or credential disclosure within a trusted context. It is crucial for users of this product to remain vigilant and apply necessary security measures to mitigate this risk.
Affected Version(s)
Engineering Lifecycle Optimization 7.0
Engineering Lifecycle Optimization 7.0.1
Engineering Lifecycle Optimization 7.0.2
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved