Lucene search

[email protected]NVD:CVE-2020-26517

HistoryJun 08, 2021 - 1:15 p.m.

CVE-2020-26517

2021-06-0813:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-26517

cross-site scripting

intland codebeamer alm

webdav

user import

admin

security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only).

Affected configurations

Nvd

Node

intlandcodebeamerMatch10.0.0-

intlandcodebeamerMatch10.0.0prerelease4

intlandcodebeamerMatch10.0.0rc1

intlandcodebeamerMatch10.0.0sp1

intlandcodebeamerMatch10.0.0sp2

intlandcodebeamerMatch10.0.1sp1

intlandcodebeamerMatch10.1.0-

intlandcodebeamerMatch10.1.0sp1

intlandcodebeamerMatch10.1.0sp2

intlandcodebeamerMatch10.1.0sp3

intlandcodebeamerMatch10.1.0sp4

intlandcodebeamerMatch21.04

VendorProductVersionCPE
intlandcodebeamer10.0.0cpe:2.3:a:intland:codebeamer:10.0.0:-:*:*:*:*:*:*
intlandcodebeamer10.0.0cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4:*:*:*:*:*:*
intlandcodebeamer10.0.0cpe:2.3:a:intland:codebeamer:10.0.0:rc1:*:*:*:*:*:*
intlandcodebeamer10.0.0cpe:2.3:a:intland:codebeamer:10.0.0:sp1:*:*:*:*:*:*
intlandcodebeamer10.0.0cpe:2.3:a:intland:codebeamer:10.0.0:sp2:*:*:*:*:*:*
intlandcodebeamer10.0.1cpe:2.3:a:intland:codebeamer:10.0.1:sp1:*:*:*:*:*:*
intlandcodebeamer10.1.0cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*
intlandcodebeamer10.1.0cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*
intlandcodebeamer10.1.0cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*
intlandcodebeamer10.1.0cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
intland	codebeamer	10.0.0	cpe:2.3:a:intland:codebeamer:10.0.0:-::::::
intland	codebeamer	10.0.0	cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4::::::
intland	codebeamer	10.0.0	cpe:2.3:a:intland:codebeamer:10.0.0:rc1::::::
intland	codebeamer	10.0.0	cpe:2.3:a:intland:codebeamer:10.0.0:sp1::::::
intland	codebeamer	10.0.0	cpe:2.3:a:intland:codebeamer:10.0.0:sp2::::::
intland	codebeamer	10.0.1	cpe:2.3:a:intland:codebeamer:10.0.1:sp1::::::
intland	codebeamer	10.1.0	cpe:2.3:a:intland:codebeamer:10.1.0:-::::::
intland	codebeamer	10.1.0	cpe:2.3:a:intland:codebeamer:10.1.0:sp1::::::
intland	codebeamer	10.1.0	cpe:2.3:a:intland:codebeamer:10.1.0:sp2::::::
intland	codebeamer	10.1.0	cpe:2.3:a:intland:codebeamer:10.1.0:sp3::::::

Rows per page:

1-10 of 121

References

intland.com/codebeamer/application-lifecycle-management/

www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Related for NVD:CVE-2020-26517

cvelist1 prion1 cve1