Cross site scripting

2020-12-1719:15:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.8%

JSON

IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190289.

CPENameOperatorVersion
security_key_lifecycle_managerge3.0.1
security_key_lifecycle_managerlt3.0.1.5
security_key_lifecycle_managerge4.0
security_key_lifecycle_managerlt4.0.0.2

Name	Operator	Version
security_key_lifecycle_manager	ge	3.0.1
security_key_lifecycle_manager	lt	3.0.1.5
security_key_lifecycle_manager	ge	4.0
security_key_lifecycle_manager	lt	4.0.0.2