Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2020-5004

Published

2 years ago

Last Modified

2 years ago

CVSSv2.0 Severity

Low

CVSSv3.1 Severity

Medium

Impact Analysis

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957..

CVSSv2.0 Score

Severity: Low
Base Score: 3.5/10
Exploit Score: 6.8/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: Single
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: None
Integrity Impact: Partial

CVSSv3.1 Score

Severity: Medium
Base Score: 5.4/10
Exploit Score: 2.3/10
Access Vector: Network
Access Complexity: Low
Privileges Required: Low
Impact Score: 2.7/10
Confidentiality Impact: Low
Availability Impact: None
Integrity Impact: Low
Scope: Changed
User Interaction: Required

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.	Yes	-	-
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1::::	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_quality_manager:6.0.6:::::::*	Yes	-	-
cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:::::::*	Yes	-	-
cpe:2.3:a:ibm:rational_team_concert:6.0.6:::::::*	Yes	-	-
cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:::::::*	Yes	-	-
cpe:2.3:a:ibm:engineering_workflow_management:7.0:::::*:	Yes	-	-
cpe:2.3:a:ibm:engineering_test_management:7.0.0:::::::	Yes	-	-
cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:::::	Yes	-	-
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*	Yes	-	-
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1	Yes	-	-
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.	Yes	-	-
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.	Yes	-	-
cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-	Yes	-	-
cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:::::	Yes	-	-
cpe:2.3:a:ibm:engineering_test_management:7.0.1:::::::	Yes	-	-
cpe:2.3:a:ibm:engineering_test_management:7.0.2:::::::	Yes	-	-
cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineeri	Yes	-	-
cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineeri	Yes	-	-
cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineeri	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:7.0::::::	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:::::*	Yes	-	-
cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:::::*	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2020-5004

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2020-5004

CVE information

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References