MEDIUM🇵🇱 Wersja polska

CVE-2020-4975

CVSS 5.4v3.1pub. 2021-03-04upd. 2024-11-21

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • IBM Doors Next

    APP
    Ibm
    7.07.0.17.0.2
  • IBM Engineering Lifecycle Management

    APP
    Ibm
    7.07.0.17.0.2
  • IBM Engineering Requirements Quality Assistant On Premises

    APP
    Ibm
    wszystkie wersje
  • IBM Engineering Test Management

    APP
    Ibm
    7.0.07.0.17.0.2
  • IBM Engineering Workflow Management

    APP
    Ibm
    7.07.0.17.0.2
  • IBM Global Configuration Management

    APP
    Ibm
    wszystkie wersje
  • IBM Rational Doors Next Generation

    APP
    Ibm
    6.0.26.0.66.0.6.1
  • IBM Rational Quality Manager

    APP
    Ibm
    6.0.26.0.66.0.6.1
  • IBM Rational Team Concert

    APP
    Ibm
    6.0.26.0.66.0.6.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2026-3660CRITICAL9.8PL ✓ten sam produkt

IBM Engineering Lifecycle Management — nieautoryzowany zapis plików konfiguracyjnych serwera

CVE-2024-41787CRITICAL9.8PL ✓ten sam produkt

RCE poprzez race condition w IBM DOORS Next — CVE-2024-41787

CVE-2026-4051HIGH7.2ten sam produkt

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privi...

CVE-2026-3603HIGH7.1ten sam produkt

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 th...

CVE-2023-45192HIGH8.2ten sam produkt

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Inj...