Cross-Site Scripting Vulnerability in IBM Sterling Control Center
CVE-2023-42007
5.4MEDIUM
Summary
IBM Sterling Control Center versions 6.2.1, 6.3.1, and 6.4.0 are susceptible to a cross-site scripting (XSS) vulnerability. This issue enables attackers to inject arbitrary JavaScript into the web application's user interface, potentially compromising system integrity and allowing for the unintended disclosure of user credentials during authenticated sessions.
Affected Version(s)
Sterling Control Center 6.2.1, 6.3.1, 6.4.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved