Lucene search

IbmCVELIST:CVE-2020-4663

HistoryJan 08, 2021 - 2:45 p.m.

CVE-2020-4663

2021-01-0814:45:25

ibm

www.cve.org

ibm

engineering requirements

quality assistant

cross-site scripting

javascript

web ui

credentials disclosure.

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C

EPSS

0.001

Percentile

19.6%

JSON

IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234.

CNA Affected

[
  {
    "product": "Engineering Requirements Quality Assistant",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "On-Premises"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/186234

www.ibm.com/support/pages/node/6398724