CVE-2021-20559: XSS
First published: Mon May 10 2021(Updated: )
IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Control Desk | =7.6.1.2 | |
| IBM Control Desk | =7.6.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2021-20559.
What is the severity level of CVE-2021-20559?
The severity level of CVE-2021-20559 is medium (5.4).
How does the vulnerability in IBM Control Desk 7.6.1.2 and 7.6.1.3 work?
The vulnerability in IBM Control Desk 7.6.1.2 and 7.6.1.3 allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2021-20559?
The Common Weakness Enumeration (CWE) ID associated with CVE-2021-20559 is CWE-79.
How can I fix the cross-site scripting vulnerability in IBM Control Desk 7.6.1.2 and 7.6.1.3?
To fix the cross-site scripting vulnerability in IBM Control Desk 7.6.1.2 and 7.6.1.3, apply the necessary patches or updates provided by IBM.
- collector/nvd-index
- vendor/ibm
- canonical/ibm control desk
- version/ibm control desk/7.6.1.2
- version/ibm control desk/7.6.1.3