admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2020/4xxx/CVE-2020-4987.json
CVE Team a12620742a
"-Synchronized-Data."
2021-05-14 12:00:45 +00:00

93 lines
2.9 KiB
JSON
Raw Blame History

{
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"UI": "N",
"S": "C",
"AC": "L",
"I": "L",
"PR": "L",
"AV": "N",
"C": "L",
"SCORE": "6.400"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "H"
}
}
},
"data_version": "4.0",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.6.1.2"
},
{
"version_value": "1.5.2.8"
}
]
},
"product_name": "FlashSystem 900"
}
]
}
}
]
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-05-03T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4987",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6449280 (FlashSystem 900)",
"name": "https://www.ibm.com/support/pages/node/6449280",
"url": "https://www.ibm.com/support/pages/node/6449280"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192702",
"name": "ibm-flashsystem-cve20204987-xss (192702)",
"refsource": "XF"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink