Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products
CVE-2020-5004

5.4MEDIUM

Key Information:

Summary

IBM Jazz Foundation products exhibit a cross-site scripting vulnerability which permits the injection of arbitrary JavaScript code via the Web UI. This flaw compromises the intended functionality of the interface, potentially enabling an attacker to extract sensitive information, including user credentials, from trusted sessions. Users must be vigilant to ensure their environments are secured against this potential exploit.

Affected Version(s)

Engineering Lifecycle Optimization 7.0

Engineering Lifecycle Optimization 7.0.1

Engineering Lifecycle Optimization 7.0.2

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.