CVE-2020-4297 — Cross-site Scripting in IBM Rational Doors Next Generation

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 60.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Doors Next Generation IBM Doors Next

Timeline

PublishedJun 19

Latest updateMay 24

Description

IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176474.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5ibm/rational_doors_next_generation4 versions+3

▶NVDibm/rational_doors_next_generation6.0.2, 6.0.6, 6.0.6.1+2

▶NVDibm/doors_next7.0

🔴Vulnerability Details

GHSA

GHSA-qqmf-49x5-v6mm: IBM DOORS Next Generation (DNG/RRC) 6↗2022-05-24

▶

CVEList

CVE-2020-4297: IBM DOORS Next Generation (DNG/RRC) 6↗2020-06-19

▶

💬Community

Bugzilla

CVE-2020-2252 jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM↗2020-09-18

▶

Bugzilla

CVE-2020-2255 jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests.↗2020-09-18

▶