Описание
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.3:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00088
Низкий
6.1 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-1022
NVD-CWE-Other
Связанные уязвимости
CVSS3: 6.1
github
около 1 года назад
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
EPSS
Процентиль: 26%
0.00088
Низкий
6.1 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-1022
NVD-CWE-Other