CVE-2020-4183 — Cross-site Scripting in IBM Security Guardium

CWE-79 — Cross-site Scripting CWE-358 — Improperly Implemented Security Check for Standard CWE-190 — Integer Overflow or Wraparound CWE-20 — Improper Input Validation CWE-203 — Observable Discrepancy CWE-74 — Injection CWE-94 — Code Injection30 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 59.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Guardium

Timeline

PublishedJun 4

Latest updateMay 24

Description

IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174739.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/security_guardium11.1

▶NVDibm/security_guardium11.1

🔴Vulnerability Details

GHSA

GHSA-g25x-fggv-ww95: IBM Security Guardium 11↗2022-05-24

▶

GHSA

Remote Code Execution in Red Discord Bot↗2020-08-21

▶

CVEList

CVE-2020-4183: IBM Security Guardium 11↗2020-06-04

▶

💥Exploits & PoCs

Exploit-DB

xuucms 3 - 'keywords' SQL Injection↗2020-11-19

▶

📋Vendor Advisories

Red Hat

chromium-browser: Insufficient data validation in media↗2020-09-21

▶

Red Hat

chromium-browser: Insufficient policy enforcement in extensions↗2020-09-21

▶

Red Hat

chromium-browser: Out of bounds write in V8↗2020-09-21

▶

Red Hat

chromium-browser: Insufficient policy enforcement in extensions↗2020-09-21

▶

Red Hat

chromium-browser: Out of bounds read in storage↗2020-09-21

▶