Lucene search
IBM2143EDFF2347C05F12253654DEFB43D21E78BF47BF2F7A50B7E15BE6580C5B3AHistoryOct 05, 2020 - 5:38 p.m.
Security Bulletin: Cross-Site Scripting (XSS) fixed in IBM Security Access Manager 9.0.7.2 (CVE-2019-4725)
2020-10-0517:38:28
www.ibm.com
12
EPSS
0.001
Percentile
29.7%
Summary
A Cross-Site Scripting vulnerability reported in IBM Security Access Manager 9.0.7.0_IF1 was fixed in IBM Security Access Manager 9.0.7.2
Vulnerability Details
CVEID:CVE-2019-4725
**DESCRIPTION:**IBM Security Access Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172131 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ISAM | 9.0 |
Remediation/Fixes
| Product Name | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM Security Access Manager | 9.0.7.2 | IJ27953 | fix pack: 9.0.7-ISS-ISAM-FP0002 |
Workarounds and Mitigations
None
Related
cve
cve
CVE-2019-4725
2020-10-06 16:15:12
nvd
nvd
CVE-2019-4725
2020-10-06 16:15:12
cvelist
cvelist
CVE-2019-4725
2020-10-05 00:00:00
prion
prion
Cross site scripting
2020-10-06 16:15:00
EPSS
0.001
Percentile
29.7%
Related for 2143EDFF2347C05F12253654DEFB43D21E78BF47BF2F7A50B7E15BE6580C5B3A