1. Home
  2. CVE Database
  3. CVE-2020-4855
MEDIUM · 5.4

CVE-2020-4855

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall...

Vulnerability Description

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
IbmCollaborative Lifecycle Management6.0.2
IbmEngineering Insights7.0
IbmEngineering Lifecycle Management7.0
IbmEngineering Requirements Management Doors Next6.0.2
IbmEngineering Test Management7.0.0
IbmEngineering Workflow Management6.0.2
IbmGlobal Configuration ManagementAll versions
IbmRational Engineering Lifecycle Manager6.0.2
IbmRational Quality Manager6.0.2
IbmRhapsody Design Manager6.0.2
IbmRhapsody Model Manager6.0.2

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2020-4855?

CVE-2020-4855 is a vulnerability with a CVSS score of 5.4 (MEDIUM). IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall...

How severe is CVE-2020-4855?

CVE-2020-4855 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-4855?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Collaborative Lifecycle Management, Ibm Engineering Insights, Ibm Engineering Lifecycle Management, Ibm Engineering Requirements Management Doors Next, Ibm Engineering Test Management.