Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for Engineering Requirements Quality Assistant by IBM
CVE-2021-29899 (GCVE-0-2021-29899)
Vulnerability from cvelistv5 – Published: 2022-03-18 15:40 – Updated: 2024-09-16 17:43
VLAI
Summary
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.
Severity
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6564317 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
Date Public
2022-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2022-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/AC:L/PR:L/I:N/A:H/AV:N/C:N/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T15:40:14.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-17T00:00:00",
"ID": "CVE-2021-29899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6564317",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6564317 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29899",
"datePublished": "2022-03-18T15:40:14.510Z",
"dateReserved": "2021-03-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:43:30.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4667 (GCVE-0-2020-4667)
Vulnerability from cvelistv5 – Published: 2021-01-08 14:45 – Updated: 2024-09-17 00:45
VLAI
Summary
IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398724 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
Date Public
2021-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204667-info-disc (186282)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2021-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/A:N/UI:N/AV:N/S:U/I:N/PR:L/C:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T14:45:27.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204667-info-disc (186282)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398724",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398724 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204667-info-disc (186282)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4667",
"datePublished": "2021-01-08T14:45:27.503Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:45:28.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4666 (GCVE-0-2020-4666)
Vulnerability from cvelistv5 – Published: 2021-01-08 14:45 – Updated: 2024-09-16 22:55
VLAI
Summary
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281.
Severity
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398724 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
Date Public
2021-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204666-xss (186281)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2021-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/UI:R/AV:N/S:C/I:L/AC:L/C:L/PR:L/RL:O/E:H/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T14:45:26.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204666-xss (186281)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186281"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398724",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398724 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204666-xss (186281)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186281"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4666",
"datePublished": "2021-01-08T14:45:26.864Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:55:38.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4664 (GCVE-0-2020-4664)
Vulnerability from cvelistv5 – Published: 2021-01-08 14:45 – Updated: 2024-09-16 17:58
VLAI
Summary
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186235.
Severity
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398724 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
Date Public
2021-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204664-xss (186235)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2021-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186235."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/I:L/S:C/A:N/UI:R/AV:N/AC:L/C:L/PR:L/E:H/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T14:45:26.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204664-xss (186235)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186235."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398724",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398724 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204664-xss (186235)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4664",
"datePublished": "2021-01-08T14:45:26.229Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:58:14.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4663 (GCVE-0-2020-4663)
Vulnerability from cvelistv5 – Published: 2021-01-08 14:45 – Updated: 2024-09-16 17:58
VLAI
Summary
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234.
Severity
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398724 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
Date Public
2021-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204663-xss (186234)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2021-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/UI:R/I:L/S:C/PR:L/C:L/RL:O/E:H/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T14:45:25.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204663-xss (186234)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398724",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398724 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204663-xss (186234)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4663",
"datePublished": "2021-01-08T14:45:25.596Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:58:59.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29899 (GCVE-0-2021-29899)
Vulnerability from nvd – Published: 2022-03-18 15:40 – Updated: 2024-09-16 17:43
VLAI
Summary
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.
Severity
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6564317 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
Date Public
2022-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2022-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/AC:L/PR:L/I:N/A:H/AV:N/C:N/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T15:40:14.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-17T00:00:00",
"ID": "CVE-2021-29899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6564317",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6564317 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6564317"
},
{
"name": "ibm-engineering-cve202129899-dos (207413)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29899",
"datePublished": "2022-03-18T15:40:14.510Z",
"dateReserved": "2021-03-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:43:30.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4667 (GCVE-0-2020-4667)
Vulnerability from nvd – Published: 2021-01-08 14:45 – Updated: 2024-09-17 00:45
VLAI
Summary
IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398724 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
Date Public
2021-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204667-info-disc (186282)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2021-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/A:N/UI:N/AV:N/S:U/I:N/PR:L/C:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T14:45:27.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204667-info-disc (186282)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398724",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398724 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204667-info-disc (186282)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4667",
"datePublished": "2021-01-08T14:45:27.503Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:45:28.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4666 (GCVE-0-2020-4666)
Vulnerability from nvd – Published: 2021-01-08 14:45 – Updated: 2024-09-16 22:55
VLAI
Summary
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281.
Severity
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398724 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
Date Public
2021-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204666-xss (186281)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2021-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/UI:R/AV:N/S:C/I:L/AC:L/C:L/PR:L/RL:O/E:H/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T14:45:26.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204666-xss (186281)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186281"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398724",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398724 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204666-xss (186281)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186281"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4666",
"datePublished": "2021-01-08T14:45:26.864Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:55:38.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4664 (GCVE-0-2020-4664)
Vulnerability from nvd – Published: 2021-01-08 14:45 – Updated: 2024-09-16 17:58
VLAI
Summary
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186235.
Severity
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398724 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
Date Public
2021-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204664-xss (186235)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2021-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186235."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/I:L/S:C/A:N/UI:R/AV:N/AC:L/C:L/PR:L/E:H/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T14:45:26.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204664-xss (186235)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186235."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398724",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398724 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204664-xss (186235)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4664",
"datePublished": "2021-01-08T14:45:26.229Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:58:14.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4663 (GCVE-0-2020-4663)
Vulnerability from nvd – Published: 2021-01-08 14:45 – Updated: 2024-09-16 17:58
VLAI
Summary
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234.
Severity
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6398724 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Engineering Requirements Quality Assistant |
Affected:
On-Premises
|
Date Public
2021-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204663-xss (186234)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Requirements Quality Assistant",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "On-Premises"
}
]
}
],
"datePublic": "2021-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/UI:R/I:L/S:C/PR:L/C:L/RL:O/E:H/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T14:45:25.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204663-xss (186234)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Requirements Quality Assistant",
"version": {
"version_data": [
{
"version_value": "On-Premises"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398724",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398724 (Engineering Requirements Quality Assistant)",
"url": "https://www.ibm.com/support/pages/node/6398724"
},
{
"name": "ibm-rqa-cve20204663-xss (186234)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4663",
"datePublished": "2021-01-08T14:45:25.596Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:58:59.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}