Lucene search

IBM83F53A1D05170BCE5BFE0F61D6B8CDDCC22EADA48AC8EA91C7ABC907D33AA5A1

HistoryDec 14, 2020 - 6:39 p.m.

Security Bulletin: A security vulnerability in Rails Action View affects the IBM Cloud Pak for Multicloud Management Infrastructure Management

2020-12-1418:39:49

www.ibm.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Summary

A security vulnerability in Rails Action View affects the IBM Cloud Pak for Multicloud Management Infrastructure Management .

Vulnerability Details

CVEID:CVE-2020-15169
**DESCRIPTION:**Rails Action View is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the ‘t’ and ‘translate’ parameters to execute script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188186 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Cloud Pak for Multicloud Management Infrastructure Management	2.0

Remediation/Fixes

Upgrade to IBM Cloud Pak for Multicloud Management 2.1 by following the instructions in <https://www.ibm.com/support/knowledgecenter/en/SSFC4F_2.1.0/install/upgrade.html>.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud pak for multicloud managementeq2.1

CPE	Name	Operator	Version
	ibm cloud pak for multicloud management	eq	2.1

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for 83F53A1D05170BCE5BFE0F61D6B8CDDCC22EADA48AC8EA91C7ABC907D33AA5A1