CVE-2020-4987

Опубликовано: 04 мая 2021

Источник: nvd

CVSS3: 6.4

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/192702
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6449280
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/192702
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6449280
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:ibm:flashsystem_900_firmware:*:*:*:*:*:*:*:*

Версия до 1.5.2.9 (исключая)

cpe:2.3:o:ibm:flashsystem_900_firmware:*:*:*:*:*:*:*:*

Версия от 1.6.0.0 (включая) до 1.6.1.3 (исключая)

cpe:2.3:h:ibm:flashsystem_900:-:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00105

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-ccmm-6836-3vxj

github

больше 3 лет назад

IBM FlashSystem 900 1.5.2.9 and 1.6.1.3 user management GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192702.

EPSS

Процентиль: 29%

0.00105

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79