Embedded WebSphere Application Server is affected by vulnerability in Dojo affects Content Collector for Email.
CVEID:CVE-2020-5258
**DESCRIPTION:**Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other values, an attacker could exploit this vulnerability to overwrite, or pollute, a JavaScript application object prototype of the base object.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177751 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
Content Collector for Email | 4.0.x |
Product | VRM | Remediation |
---|---|---|
Content Collector for Email | 4.0.1 | Use Content Collector for Email 4.0.1.9 Interim Fix IF010 |
Content Collector for Email | 4.0.1 | |
Use Content Collector for Email 4.0.1.12 Interim Fix IF001 |
None