CVE-2020-5031
MEDIUMIBM Engineering Lifecycle Optimization - XSS
Title source: ruleDescription
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.
Scores
CVSS v3
5.4
EPSS
0.0016
EPSS Percentile
37.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
published
Affected Products (16)
ibm/engineering_lifecycle_optimization
ibm/engineering_lifecycle_optimization
ibm/engineering_lifecycle_optimization
ibm/engineering_workflow_management
ibm/engineering_workflow_management
ibm/engineering_workflow_management
ibm/rational_collaborative_lifecycle_management
ibm/rational_collaborative_lifecycle_management
ibm/rational_doors_next_generation
ibm/rational_doors_next_generation
ibm/rational_doors_next_generation
ibm/rational_engineering_lifecycle_manager
ibm/rational_engineering_lifecycle_manager
ibm/rational_engineering_lifecycle_manager
ibm/rational_team_concert
... and 1 more
Timeline
Published
Jul 19, 2021
Tracked Since
Feb 18, 2026