Lucene search

[email protected]NVD:CVE-2020-5030

HistoryJun 02, 2021 - 9:15 p.m.

CVE-2020-5030

2021-06-0221:15:07

CWE-79

[email protected]

web.nvd.nist.gov

ibm

products

xss

vulnerability

arbitrary code

injection

web ui

credentials disclosure

trusted session

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

19.6%

JSON

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737.

Affected configurations

Nvd

Node

ibmcollaborative_lifecycle_managementMatch6.0.6

ibmcollaborative_lifecycle_managementMatch6.0.6.1

ibmengineering_lifecycle_managementMatch7.0

ibmengineering_lifecycle_managementMatch7.0.1

ibmengineering_lifecycle_managementMatch7.0.2

ibmengineering_lifecycle_optimization_-_engineering_insightsMatch7.0

ibmengineering_lifecycle_optimization_-_engineering_insightsMatch7.0.1

ibmengineering_lifecycle_optimization_-_engineering_insightsMatch7.0.2

ibmengineering_lifecycle_optimization_-_publishingMatch7.0

ibmengineering_lifecycle_optimization_-_publishingMatch7.0.1

ibmengineering_lifecycle_optimization_-_publishingMatch7.0.2

ibmengineering_test_managementMatch7.0.0

ibmengineering_test_managementMatch7.0.1

ibmrational_doors_next_generationMatch6.0.6

ibmrational_doors_next_generationMatch6.0.6.1

ibmrational_doors_next_generationMatch7.0

ibmrational_doors_next_generationMatch7.0.1

ibmrational_doors_next_generationMatch7.0.2

ibmrational_engineering_lifecycle_managerMatch6.0.6

ibmrational_engineering_lifecycle_managerMatch6.0.6.1

ibmrational_quality_managerMatch6.0.6

ibmrational_quality_managerMatch6.0.6.1

ibmremovable_media_managerMatch6.0.6

ibmremovable_media_managerMatch6.0.6.1

ibmremovable_media_managerMatch7.0

VendorProductVersionCPE
ibmcollaborative_lifecycle_management6.0.6cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*
ibmcollaborative_lifecycle_management6.0.6.1cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*
ibmengineering_lifecycle_management7.0cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*
ibmengineering_lifecycle_management7.0.1cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*
ibmengineering_lifecycle_management7.0.2cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_engineering_insights7.0cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_engineering_insights7.0.1cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_engineering_insights7.0.2cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_publishing7.0cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_publishing7.0.1cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	collaborative_lifecycle_management	6.0.6	cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:::::::*
ibm	collaborative_lifecycle_management	6.0.6.1	cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:::::::*
ibm	engineering_lifecycle_management	7.0	cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:::::::*
ibm	engineering_lifecycle_management	7.0.1	cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:::::::*
ibm	engineering_lifecycle_management	7.0.2	cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:::::::*
ibm	engineering_lifecycle_optimization_-_engineering_insights	7.0	cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:::::::*
ibm	engineering_lifecycle_optimization_-_engineering_insights	7.0.1	cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:::::::*
ibm	engineering_lifecycle_optimization_-_engineering_insights	7.0.2	cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:::::::*
ibm	engineering_lifecycle_optimization_-_publishing	7.0	cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:::::::*
ibm	engineering_lifecycle_optimization_-_publishing	7.0.1	cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:::::::*

Rows per page:

1-10 of 251

References

exchange.xforce.ibmcloud.com/vulnerabilities/193737

www.ibm.com/support/pages/node/6457739

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

19.6%

JSON

Related for NVD:CVE-2020-5030

cve1 prion1 cvelist1 ibm1