Stored Cross-Site Scripting Vulnerability in IBM FlashSystem 900 User Management GUI
CVE-2020-4987
6.4MEDIUM
Summary
The IBM FlashSystem 900 user management graphical user interface (GUI) has a vulnerability that allows attackers to utilize stored cross-site scripting techniques. This issue affects code versions 1.5.2.8 and earlier, as well as versions 1.6.1.2 and earlier. By manipulating the Web UI, malicious users can insert arbitrary JavaScript code, which can alter the functionality of the application and potentially lead to unauthorized access or disclosure of sensitive credentials during a trusted session.
Affected Version(s)
FlashSystem 900 1.6.1.2
FlashSystem 900 1.5.2.8
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved