Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFBA41B1026AF476134163409FA0342AF1D82FB96D8B3BF1226A867A803C6EED6
HistoryOct 28, 2020 - 5:49 p.m.

Security Bulletin: Embedded WebSphere Application Server Admin Console is vulnerable to cross-site scripting affects Content Collector for Email

2020-10-2817:49:24
www.ibm.com
9

0.001 Low

EPSS

Percentile

19.8%

JSON

Summary

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vulnerability Details

CVEID:CVE-2020-4578
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184433 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Content Collector for Email 4.0.x
Content Collector for Email 4.0.1

Remediation/Fixes

Product VRM Remediation
Content Collector for Email 4.0.1 Use Content Collector for Email 4.0.1.9 Interim Fix IF007

Workarounds and Mitigations

None

CPENameOperatorVersion
content collectoreq4.0.1

Related

ibm 35
prion 1
nessus 1
nvd 1
cve 1
cvelist 1
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2020-4578)
2021-01-11 12:27:49
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4578)
2021-01-07 18:03:08
Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2020-4578)
2021-01-11 12:26:52
prion
prion
Cross site scripting
2020-09-10 17:15:00
nessus
nessus
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.6 XSS (CVE-2020-4578)
2020-10-15 00:00:00
nvd
nvd
CVE-2020-4578
2020-09-10 17:15:33
cve
cve
CVE-2020-4578
2020-09-10 17:15:33
cvelist
cvelist
CVE-2020-4578
2020-09-09 00:00:00

0.001 Low

EPSS

Percentile

19.8%

JSON
Related for FBA41B1026AF476134163409FA0342AF1D82FB96D8B3BF1226A867A803C6EED6
ibm35prion1nessus1nvd1cve1cvelist1