Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA841EFF404033BBEC35334145DFE7B71F4D37926641A4C831C7237486B2D4BAB
HistoryJun 13, 2021 - 11:54 p.m.

Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights (CVE-2020-13947)

2021-06-1323:54:39
www.ibm.com
8

0.045 Low

EPSS

Percentile

92.5%

JSON

Summary

Apache ActiveMQ is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2020-13947
**DESCRIPTION:**Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the message.jsp script. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196373 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Operations Analytics Predictive Insights All

Remediation/Fixes

Apply 1.3.6 Interim Fix 3
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics±+Predictive+Insights&release=1.3.6

Note that for versions earlier than 1.3.6, ONLY the UI component should be updated using this interim fix. Nothing else in the interim fix is relevant to this bulletin.

Workarounds and Mitigations

None

Related

osv 3
cve 1
openvas 1
github 1
debiancve 1
ubuntucve 1
prion 1
veracode 1
checkpoint_advisories 1
nvd 1
cvelist 1
nessus 1
ibm 2
oracle 2
osv
osv
BIT-activemq-2020-13947
2024-03-06 10:51:24
CVE-2020-13947
2021-02-08 22:15:12
Cross-site scripting (XSS) in Apache ActiveMQ
2022-02-09 22:01:32
cve
cve
CVE-2020-13947
2021-02-08 22:15:12
openvas
openvas
Apache ActiveMQ < 5.15.13, 5.16.0 < 5.16.1 XSS Vulnerability
2021-02-10 00:00:00
github
github
Cross-site scripting (XSS) in Apache ActiveMQ
2022-02-09 22:01:32
debiancve
debiancve
CVE-2020-13947
2021-02-08 22:15:12
ubuntucve
ubuntucve
CVE-2020-13947
2021-02-08 00:00:00
prion
prion
Cross site scripting
2021-02-08 22:15:00
veracode
veracode
Cross-Site Scripting (XSS)
2022-11-23 21:47:32
checkpoint_advisories
checkpoint_advisories
Apache ActiveMQ message.jsp Cross-Site Scripting (CVE-2020-13947)
2021-03-15 00:00:00
nvd
nvd
CVE-2020-13947
2021-02-08 22:15:12
cvelist
cvelist
CVE-2020-13947
2021-02-08 21:25:27
nessus
nessus
Apache ActiveMQ 5.x < 5.15.14 / 5.16.x < 5.16.1 Multiple Vulnerabilities
2021-02-03 00:00:00
ibm
ibm
Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities
2023-06-22 16:30:54
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
2023-06-06 18:05:17
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00

0.045 Low

EPSS

Percentile

92.5%

JSON
Related for A841EFF404033BBEC35334145DFE7B71F4D37926641A4C831C7237486B2D4BAB
osv3cve1openvas1github1debiancve1ubuntucve1prion1veracode1checkpoint_advisories1nvd1cvelist1nessus1ibm2oracle2