Cross-Site Scripting Vulnerability in IBM Maximo for Civil Infrastructure
CVE-2021-20446

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
18 February 2021

Summary

IBM Maximo for Civil Infrastructure 7.6.2 is susceptible to a cross-site scripting flaw that enables an attacker to inject arbitrary JavaScript into the web interface. This exploitation can alter the intended functionality of the application and may result in unauthorized disclosure of user credentials during a trusted session, posing substantial risks to the integrity and confidentiality of user data.

Affected Version(s)

Maximo for Civil Infrastructure 7.6.2

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.