5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
60.5%
This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability.
CVEID:CVE-2021-32809
**DESCRIPTION:**CKEditor is vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML code into the editor, which when viewed, would abuse the paste functionality and executed in the victim’s Web browser within the security context of the hosting site.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207429 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
CVEID:CVE-2021-37695
**DESCRIPTION:**CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Fake Objects plugin. A remote attacker could exploit this vulnerability using malformed Fake Objects HTML, which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207431 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
ETM | 7.0.1 |
ETM | 7.0.2 |
IBM strongly recommends addressing the vulnerability now by upgrading and applying the suggested fix that uses upgraded version of CKEditor.
Suggested :
Product(s)|**Version(s)
**|Remediation/Fix/Instructions
—|—|—
Engineering Test Management | 7.0.1|
Download and apply ETM 7.0.1 iFix23 from Fix Central here
Engineering Test Management | 7.0.2| Download and apply ETM 7.0.2 iFix24 from Fix Central here
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm engineering test management | eq | 7.0.1 | |
ibm engineering test management | eq | 7.0.2 |
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
60.5%