Lucene search

MitreCVE-2020-26517

HistoryJun 08, 2021 - 1:15 p.m.

CVE-2020-26517

2021-06-0813:15:07

CWE-79

mitre

web.nvd.nist.gov

cwe-79

xss

intland codebeamer

alm

webdav

file upload

users import

application configuration

security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only).

Affected configurations

Nvd

Node

intlandcodebeamerMatch10.0.0-

intlandcodebeamerMatch10.0.0prerelease4

intlandcodebeamerMatch10.0.0rc1

intlandcodebeamerMatch10.0.0sp1

intlandcodebeamerMatch10.0.0sp2

intlandcodebeamerMatch10.0.1sp1

intlandcodebeamerMatch10.1.0-

intlandcodebeamerMatch10.1.0sp1

intlandcodebeamerMatch10.1.0sp2

intlandcodebeamerMatch10.1.0sp3

intlandcodebeamerMatch10.1.0sp4

intlandcodebeamerMatch21.04

VendorProductVersionCPE
intlandcodebeamer10.0.0cpe:2.3:a:intland:codebeamer:10.0.0:-:*:*:*:*:*:*
intlandcodebeamer10.0.0cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4:*:*:*:*:*:*
intlandcodebeamer10.0.0cpe:2.3:a:intland:codebeamer:10.0.0:rc1:*:*:*:*:*:*
intlandcodebeamer10.0.0cpe:2.3:a:intland:codebeamer:10.0.0:sp1:*:*:*:*:*:*
intlandcodebeamer10.0.0cpe:2.3:a:intland:codebeamer:10.0.0:sp2:*:*:*:*:*:*
intlandcodebeamer10.0.1cpe:2.3:a:intland:codebeamer:10.0.1:sp1:*:*:*:*:*:*
intlandcodebeamer10.1.0cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*
intlandcodebeamer10.1.0cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*
intlandcodebeamer10.1.0cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*
intlandcodebeamer10.1.0cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
intland	codebeamer	10.0.0	cpe:2.3:a:intland:codebeamer:10.0.0:-::::::
intland	codebeamer	10.0.0	cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4::::::
intland	codebeamer	10.0.0	cpe:2.3:a:intland:codebeamer:10.0.0:rc1::::::
intland	codebeamer	10.0.0	cpe:2.3:a:intland:codebeamer:10.0.0:sp1::::::
intland	codebeamer	10.0.0	cpe:2.3:a:intland:codebeamer:10.0.0:sp2::::::
intland	codebeamer	10.0.1	cpe:2.3:a:intland:codebeamer:10.0.1:sp1::::::
intland	codebeamer	10.1.0	cpe:2.3:a:intland:codebeamer:10.1.0:-::::::
intland	codebeamer	10.1.0	cpe:2.3:a:intland:codebeamer:10.1.0:sp1::::::
intland	codebeamer	10.1.0	cpe:2.3:a:intland:codebeamer:10.1.0:sp2::::::
intland	codebeamer	10.1.0	cpe:2.3:a:intland:codebeamer:10.1.0:sp3::::::

Rows per page:

1-10 of 121

References

intland.com/codebeamer/application-lifecycle-management/

www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt

Social References

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

Related for CVE-2020-26517