Cross-Site Scripting Vulnerability in IBM Maximo for Civil Infrastructure
CVE-2021-20446
5.4MEDIUM
Summary
IBM Maximo for Civil Infrastructure 7.6.2 is susceptible to a cross-site scripting flaw that enables an attacker to inject arbitrary JavaScript into the web interface. This exploitation can alter the intended functionality of the application and may result in unauthorized disclosure of user credentials during a trusted session, posing substantial risks to the integrity and confidentiality of user data.
Affected Version(s)
Maximo for Civil Infrastructure 7.6.2
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved