First published: Fri Feb 26 2021(Updated: )
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM DOORS Next | =7.0 | |
IBM DOORS Next | =7.0.1 | |
IBM DOORS Next | =7.0.2 | |
IBM Engineering Lifecycle Management | =7.0 | |
IBM Engineering Lifecycle Management | =7.0.1 | |
IBM Engineering Lifecycle Management | =7.0.2 | |
IBM Engineering Requirements Quality Assistant On-Premises | ||
IBM Engineering Test Management | =7.0.0 | |
IBM Engineering Test Management | =7.0.1 | |
IBM Engineering Test Management | =7.0.2 | |
IBM Engineering Workflow Management | =7.0 | |
IBM Engineering Workflow Management | =7.0.1 | |
IBM Engineering Workflow Management | =7.0.2 | |
IBM Global Configuration Management | ||
IBM Rational DOORS Next Generation | =6.0.2 | |
IBM Rational DOORS Next Generation | =6.0.6 | |
IBM Rational DOORS Next Generation | =6.0.6.1 | |
IBM Rational Quality Manager | =6.0.2 | |
IBM Rational Quality Manager | =6.0.6 | |
IBM Rational Quality Manager | =6.0.6.1 | |
IBM Rational Team Concert | =6.0.2 | |
IBM Rational Team Concert | =6.0.6 | |
IBM Rational Team Concert | =6.0.6.1 | |
<=6.0.2 | ||
<=7.0 | ||
<=7.0.1 | ||
<=7.0.2 | ||
<=6.0.6.1 | ||
<=6.0.6 | ||
<=7.0.1 | ||
<=7.0.2 | ||
<=7.0 | ||
<=7.0.2 | ||
<=7.0.1 | ||
<=6.0.2 | ||
<=6.0.6.1 | ||
<=7.0 | ||
<=6.0.6 | ||
<=All | ||
<=7.0.2 | ||
<=6.0.6.1 | ||
<=7.0.1 | ||
<=6.0.6 | ||
<=7.0.0 | ||
<=6.0.2 | ||
<=All |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-4856.
IBM Engineering Requirements Management DOORS Next (RDNG) versions up to 6.0.2 and DOORS Next versions up to 7.0.2 are affected.
The severity of this vulnerability is medium with a CVSS score of 6.4.
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.
Yes, you can find more information and references at the following links: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/190459) and [Link 2](https://www.ibm.com/support/pages/node/6417585).