First published: Fri Mar 11 2022(Updated: )
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Spectrum Copy Data Management | >=2.2.0.0<2.2.15.0 | |
IBM Spectrum Copy Data Management | <=2.2.0.0-2.2.14.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this IBM Spectrum Copy Data Management vulnerability is CVE-2021-39055.
The severity level of CVE-2021-39055 is medium with a CVSS score of 5.4.
IBM Spectrum Copy Data Management versions 2.2.0.0-2.2.14.3 are affected by CVE-2021-39055.
CVE-2021-39055 poses a risk of cross-site scripting (XSS) vulnerability in the IBM Spectrum Copy Data Management Web UI, potentially leading to credentials disclosure within a trusted session.
To fix CVE-2021-39055, users should update IBM Spectrum Copy Data Management to a version that is not affected by this vulnerability.