Cross-Site Scripting Vulnerability in IBM Control Desk
CVE-2021-20559

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Control Desk
Vendor: CVE Published:; 10 May 2021

Summary

IBM Control Desk versions 7.6.1.2 and 7.6.1.3 are susceptible to a cross-site scripting vulnerability, enabling attackers to inject malicious JavaScript code into the Web UI. This flaw could compromise user sessions, potentially leading to unauthorized access or credential disclosure. Users are advised to apply necessary patches to mitigate associated risks.

Affected Version(s)

Control Desk 7.6.1.2

Control Desk 7.6.1.3

References

https://www.ibm.com/support/pages/node/6450759

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/199228

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 10, 2021
Vulnerability Reserved
Dec 17, 2020