CVE-2020-4358: XSS
First published: Wed May 27 2020(Updated: )
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Scale | >=5.0.0.0<=5.0.4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this IBM Spectrum Scale vulnerability?
The vulnerability ID for this IBM Spectrum Scale vulnerability is CVE-2020-4358.
What is the severity rating of CVE-2020-4358?
CVE-2020-4358 has a severity rating of medium (5.4).
How does CVE-2020-4358 affect IBM Spectrum Scale?
CVE-2020-4358 allows users to embed arbitrary JavaScript code in the Web UI of IBM Spectrum Scale, potentially leading to credentials disclosure within a trusted session.
What is the affected version range of IBM Spectrum Scale for CVE-2020-4358?
IBM Spectrum Scale versions 5.0.0.0 through 5.0.4.4 are affected by CVE-2020-4358.
Is there a fix available for CVE-2020-4358?
Please refer to the IBM support page (https://www.ibm.com/support/pages/node/6214481) for information on available fixes for CVE-2020-4358.
- collector/nvd-index
- agent/references
- vendor/ibm
- canonical/ibm spectrum scale
- version/ibm spectrum scale/5.0.0.0
- version/ibm spectrum scale/5.0.4.4