CVE-2020-4318

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 45.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Intelligent Operations Center IBM Intelligent Operations Center FOR Emergency Management IBM Water Operations FOR Waternamics

Timeline

PublishedJul 28

Latest updateMay 24

Description

IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5ibm/intelligent_operations_center_for_emergency_management5 versions+4

▶CVEListV5ibm/intelligent_operations_center7 versions+6

▶NVDibm/intelligent_operations_center7 versions+6

▶CVEListV5ibm/water_operations_for_waternamics7 versions+6

▶NVDibm/water_operations6 versions+5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-4h35-wggv-9625: IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerab↗2022-05-24

▶

CVEList

CVE-2020-4318: IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerab↗2020-07-28

▶