MEDIUM🇵🇱 Wersja polska

CVE-2020-4920

CVSS 5.4v3.1pub. 2021-04-12upd. 2024-11-21

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • IBM Collaborative Lifecycle Management

    APP
    Ibm
    6.0.26.0.66.0.6.1
  • IBM Doors Next

    APP
    Ibm
    7.0.07.0.17.0.2
  • IBM Engineering Insights

    APP
    Ibm
    7.0.07.0.17.0.2
  • IBM Engineering Lifecycle Management

    APP
    Ibm
    7.0.07.0.17.0.2
  • IBM Engineering Requirements Management Doors Next

    APP
    Ibm
    6.0.26.0.66.0.6.1
  • IBM Engineering Test Management

    APP
    Ibm
    7.0.07.0.17.0.2
  • IBM Engineering Workflow Management

    APP
    Ibm
    7.0.07.0.17.0.2
  • IBM Rational Engineering Lifecycle Manager

    APP
    Ibm
    6.0.26.0.66.0.6.1
  • IBM Rational Quality Manager

    APP
    Ibm
    6.0.26.0.66.0.6.1
  • IBM Rational Team Concert

    APP
    Ibm
    6.0.26.0.66.0.6.1
  • IBM Removable Media Management

    APP
    Ibm
    6.0.26.0.66.0.6.17.0.07.0.1
  • IBM Rhapsody Model Manager

    APP
    Ibm
    6.0.26.0.66.0.6.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2026-3660CRITICAL9.8PL ✓ten sam produkt

IBM Engineering Lifecycle Management — nieautoryzowany zapis plików konfiguracyjnych serwera

CVE-2024-41787CRITICAL9.8PL ✓ten sam produkt

RCE poprzez race condition w IBM DOORS Next — CVE-2024-41787

CVE-2026-3603HIGH7.1ten sam produkt

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 th...

CVE-2026-4051HIGH7.2ten sam produkt

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privi...

CVE-2024-41771HIGH7.5ten sam produkt

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to down...