Cross-Site Scripting Vulnerability in IBM Spectrum Copy Data Management
CVE-2021-39055

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Copy Data Management
Vendor: CVE Published:; 14 March 2022

Summary

IBM Spectrum Copy Data Management versions 2.2.0.0 to 2.2.14.3 are affected by a cross-site scripting vulnerability, allowing unauthorized users to inject arbitrary JavaScript into the Web UI. This alteration can compromise intended functionalities and may lead to the disclosure of sensitive user credentials during established sessions. Users are encouraged to review their configurations and apply necessary updates to mitigate this issue. For more information, visit the IBM support page.

Affected Version(s)

Spectrum Copy Data Management 2.2.0.0

Spectrum Copy Data Management 2.2.14.3

References

https://www.ibm.com/support/pages/node/6562479

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/214534

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 14, 2022
Vulnerability Reserved
Aug 16, 2021