Cross-Site Scripting Vulnerability in IBM Engineering Lifecycle Optimization - Publishing
CVE-2021-39015

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Engineering Lifecycle Optimization Publishing
Vendor: CVE Published:; 14 July 2022

Summary

IBM Engineering Lifecycle Optimization - Publishing versions 7.0, 7.0.1, and 7.0.2 are susceptible to a cross-site scripting vulnerability. This flaw allows attackers to inject malicious JavaScript code into the web interface. When executed, this code can alter the normal functioning of the application, potentially leading to unauthorized actions, including credential disclosure within a trusted user session. It is incumbent upon users to secure their applications against this vulnerability to prevent exploitation.

Affected Version(s)

Engineering Lifecycle Optimization Publishing 7.0

Engineering Lifecycle Optimization Publishing 7.0.1

Engineering Lifecycle Optimization Publishing 7.0.2

References

https://www.ibm.com/support/pages/node/6603333

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/213655

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 14, 2022
Vulnerability Reserved
Aug 16, 2021