CVE-2020-4522
Published on: 09/02/2020 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:23:22 PM UTC
Certain versions of Doors Next from Ibm contain the following vulnerability:
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.
- CVE-2020-4522 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.4 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 3.5 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Security Bulletin: Multiple vulnerabilities affects IBM Jazz Foundation and IBM Engineering products. | Vendor Advisory www.ibm.com text/html | CONFIRM www.ibm.com/support/pages/node/6325343 |
IBM X-Force Exchange | VDB Entry Vendor Advisory exchange.xforce.ibmcloud.com text/html | XF ibm-doors-cve20204522-xss (182397) |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
- cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:eni:7.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:eni:7.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE