IBM46D80F30E338C413D0D5D64020E6F534151234E08884F86374AC419ADB557A8ESecurity Bulletin: A vulnerability has been identified in IBM Cloud Pak for Applications v4.3 which may expose a cross-site scripting attack.
EPSS
Percentile
19.6%
Summary
A vulnerability has been identified in IBM Cloud Pak for Applications v4.3 which may expose a cross-site scripting attack.
Vulnerability Details
CVEID:CVE-2021-20363
**DESCRIPTION:**IBM Cloud Pak for Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195034 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Pak for Applications | All |
Remediation/Fixes
IBM Cloud Pak for Applications 4.3.1 is updated to not allow users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Workarounds and Mitigations
None
Related
EPSS
Percentile
19.6%