First published: Mon Sep 21 2020(Updated: )
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Data Risk Manager | <2.0.6.4 | |
IBM Data Risk Manager | <=2.0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-4615 is medium with a severity value of 5.4.
CVE-2020-4615 allows users to embed arbitrary JavaScript code in the Web UI of IBM Data Risk Manager, potentially leading to credentials disclosure within a trusted session.
The Common Weakness Enumeration (CWE) ID for CVE-2020-4615 is CWE-79.
To fix CVE-2020-4615, apply the patch provided by IBM for IBM Data Risk Manager version 2.0.6.
More information about CVE-2020-4615 can be found on the IBM X-Force Exchange and the IBM Support website.