CVE-2020-4820

Description

IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS breakdown

CVSS 3.0

Attack Complexity

Low

User Interaction

Required

Availability

None

Scope

Changed

Privileges Required

None

Attack Vector

Network

Confidentiality

Low

Integrity

Low

Changed

High

Affected products

ibm / cloud_pak_for_security1.4.0.0 – 1.4.0.0

References

MISChttps://www.ibm.com/support/pages/node/6408664
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/189783