Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities found for Intelligent Operations Center for Emergency Management by IBM
VAR-201909-0009
Vulnerability from variot - Updated: 2023-12-18 13:56IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. Vendors have confirmed this vulnerability IBM X-Force ID: 161201 It is released as.Information may be obtained. The product has functions such as data visualization and real-time collaboration. IBM Water Operations for Waternamics is a predictive analytics platform for water operators. The platform includes functions such as infrastructure management, asset management, and operation management for water operators. The vulnerability stems from the failure of the program to require users to use strong passwords by default. Attackers can use this vulnerability to control accounts
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0009",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "water operations for waternamics",
"scope": "gte",
"trust": 1.0,
"vendor": "ibm",
"version": "5.1.0"
},
{
"model": "water operations for waternamics",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "5.2.1.1"
},
{
"model": "intelligent operations center",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "5.2.0"
},
{
"model": "intelligent operations center for emergency management",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "5.1.0.6"
},
{
"model": "intelligent operations center for emergency management",
"scope": "gte",
"trust": 1.0,
"vendor": "ibm",
"version": "5.1.0"
},
{
"model": "intelligent operations center",
"scope": "gte",
"trust": 1.0,
"vendor": "ibm",
"version": "5.1.0"
},
{
"model": "intelligent operations center",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "5.1.0 to 5.2.0"
},
{
"model": "intelligent operations center for emergency management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "5.1.0 to 5.1.0.6"
},
{
"model": "water operations for waternamics",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "5.1.0 to 5.2.1.1"
},
{
"model": "intelligent operations center",
"scope": "gte",
"trust": 0.6,
"vendor": "ibm",
"version": "5.1.0,\u003c=5.2.0"
},
{
"model": "intelligent operations center for emergency management",
"scope": "gte",
"trust": 0.6,
"vendor": "ibm",
"version": "5.1.0,\u003c=5.1.0.6"
},
{
"model": "water operations for waternamics",
"scope": "gte",
"trust": 0.6,
"vendor": "ibm",
"version": "5.1.0,\u003c=5.2.1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30483"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008846"
},
{
"db": "NVD",
"id": "CVE-2019-4321"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:intelligent_operations_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.0",
"versionStartIncluding": "5.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:intelligent_operations_center_for_emergency_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0.6",
"versionStartIncluding": "5.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:water_operations_for_waternamics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.1.1",
"versionStartIncluding": "5.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-4321"
}
]
},
"cve": "CVE-2019-4321",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-4321",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-30483",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@us.ibm.com",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-4321",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-4321",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2019-4321",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-30483",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2278",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30483"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008846"
},
{
"db": "NVD",
"id": "CVE-2019-4321"
},
{
"db": "NVD",
"id": "CVE-2019-4321"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. Vendors have confirmed this vulnerability IBM X-Force ID: 161201 It is released as.Information may be obtained. The product has functions such as data visualization and real-time collaboration. IBM Water Operations for Waternamics is a predictive analytics platform for water operators. The platform includes functions such as infrastructure management, asset management, and operation management for water operators. The vulnerability stems from the failure of the program to require users to use strong passwords by default. Attackers can use this vulnerability to control accounts",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-4321"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008846"
},
{
"db": "CNVD",
"id": "CNVD-2019-30483"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-4321",
"trust": 3.0
},
{
"db": "AUSCERT",
"id": "ESB-2019.3312",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008846",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-30483",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2278",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30483"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008846"
},
{
"db": "NVD",
"id": "CVE-2019-4321"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2278"
}
]
},
"id": "VAR-201909-0009",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30483"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30483"
}
]
},
"last_update_date": "2023-12-18T13:56:33.678000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "885901",
"trust": 0.8,
"url": "https://www.ibm.com/support/pages/security-bulletin-password-vulnerability-ibm%c2%ae-intelligent-operations-center-cve-2019-4321"
},
{
"title": "ibm-ioc-cve20194321-info-disc (161201)",
"trust": 0.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
},
{
"title": "Patch for IBM Intelligent Operations Center and IBM Water Operations for Waternamics weak password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/179007"
},
{
"title": "IBM Intelligent Operations Center and IBM Water Operations for Waternamics Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97786"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30483"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008846"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008846"
},
{
"db": "NVD",
"id": "CVE-2019-4321"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10885901"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-4321"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3312/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4321"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-30483"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008846"
},
{
"db": "NVD",
"id": "CVE-2019-4321"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-30483"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008846"
},
{
"db": "NVD",
"id": "CVE-2019-4321"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-30483"
},
{
"date": "2019-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008846"
},
{
"date": "2019-09-05T15:15:13.063000",
"db": "NVD",
"id": "CVE-2019-4321"
},
{
"date": "2019-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-30483"
},
{
"date": "2019-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008846"
},
{
"date": "2022-12-02T22:22:35.133000",
"db": "NVD",
"id": "CVE-2019-4321"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2278"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural IBM Vulnerabilities related to certificate and password management in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008846"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2278"
}
],
"trust": 0.6
}
}
CVE-2020-4318 (GCVE-0-2020-4318)
Vulnerability from cvelistv5 – Published: 2020-07-28 12:05 – Updated: 2024-09-16 23:16- Cross-Site Scripting
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6253297 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Intelligent Operations Center for Emergency Management |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 |
|
| IBM | Water Operations for Waternamics |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 Affected: 5.2 Affected: 5.2.1 |
|
| IBM | Intelligent Operations Center |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 Affected: 5.2 Affected: 5.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6253297"
},
{
"name": "ibm-ioc-cve20204318-xss (177356)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intelligent Operations Center for Emergency Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
}
]
},
{
"product": "Water Operations for Waternamics",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "5.2.1"
}
]
},
{
"product": "Intelligent Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "5.2.1"
}
]
}
],
"datePublic": "2020-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/S:C/AC:L/C:L/A:N/AV:N/UI:R/I:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-28T12:05:26.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6253297"
},
{
"name": "ibm-ioc-cve20204318-xss (177356)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-07-27T00:00:00",
"ID": "CVE-2020-4318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Operations Center for Emergency Management",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
}
]
}
},
{
"product_name": "Water Operations for Waternamics",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
},
{
"version_value": "5.2"
},
{
"version_value": "5.2.1"
}
]
}
},
{
"product_name": "Intelligent Operations Center",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
},
{
"version_value": "5.2"
},
{
"version_value": "5.2.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6253297",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6253297 (Intelligent Operations Center for Emergency Management)",
"url": "https://www.ibm.com/support/pages/node/6253297"
},
{
"name": "ibm-ioc-cve20204318-xss (177356)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4318",
"datePublished": "2020-07-28T12:05:26.224Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:15.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4317 (GCVE-0-2020-4317)
Vulnerability from cvelistv5 – Published: 2020-07-28 12:05 – Updated: 2024-09-16 20:22- Cross-Site Scripting
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6253295 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Intelligent Operations Center |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 Affected: 5.2 Affected: 5.2.1 |
|
| IBM | Water Operations for Waternamics |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 Affected: 5.2 Affected: 5.2.1 |
|
| IBM | Intelligent Operations Center for Emergency Management |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6253295"
},
{
"name": "ibm-ioc-cve20204317-xss (177355)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intelligent Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "5.2.1"
}
]
},
{
"product": "Water Operations for Waternamics",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "5.2.1"
}
]
},
{
"product": "Intelligent Operations Center for Emergency Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
}
]
}
],
"datePublic": "2020-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/I:L/UI:R/AV:N/A:N/C:L/AC:L/PR:L/S:C/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-28T12:05:25.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6253295"
},
{
"name": "ibm-ioc-cve20204317-xss (177355)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-07-27T00:00:00",
"ID": "CVE-2020-4317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Operations Center",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
},
{
"version_value": "5.2"
},
{
"version_value": "5.2.1"
}
]
}
},
{
"product_name": "Water Operations for Waternamics",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
},
{
"version_value": "5.2"
},
{
"version_value": "5.2.1"
}
]
}
},
{
"product_name": "Intelligent Operations Center for Emergency Management",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6253295",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6253295 (Water Operations for Waternamics)",
"url": "https://www.ibm.com/support/pages/node/6253295"
},
{
"name": "ibm-ioc-cve20204317-xss (177355)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4317",
"datePublished": "2020-07-28T12:05:25.765Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:22:16.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4318 (GCVE-0-2020-4318)
Vulnerability from nvd – Published: 2020-07-28 12:05 – Updated: 2024-09-16 23:16- Cross-Site Scripting
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6253297 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Intelligent Operations Center for Emergency Management |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 |
|
| IBM | Water Operations for Waternamics |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 Affected: 5.2 Affected: 5.2.1 |
|
| IBM | Intelligent Operations Center |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 Affected: 5.2 Affected: 5.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6253297"
},
{
"name": "ibm-ioc-cve20204318-xss (177356)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intelligent Operations Center for Emergency Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
}
]
},
{
"product": "Water Operations for Waternamics",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "5.2.1"
}
]
},
{
"product": "Intelligent Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "5.2.1"
}
]
}
],
"datePublic": "2020-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/S:C/AC:L/C:L/A:N/AV:N/UI:R/I:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-28T12:05:26.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6253297"
},
{
"name": "ibm-ioc-cve20204318-xss (177356)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-07-27T00:00:00",
"ID": "CVE-2020-4318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Operations Center for Emergency Management",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
}
]
}
},
{
"product_name": "Water Operations for Waternamics",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
},
{
"version_value": "5.2"
},
{
"version_value": "5.2.1"
}
]
}
},
{
"product_name": "Intelligent Operations Center",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
},
{
"version_value": "5.2"
},
{
"version_value": "5.2.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6253297",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6253297 (Intelligent Operations Center for Emergency Management)",
"url": "https://www.ibm.com/support/pages/node/6253297"
},
{
"name": "ibm-ioc-cve20204318-xss (177356)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4318",
"datePublished": "2020-07-28T12:05:26.224Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:15.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4317 (GCVE-0-2020-4317)
Vulnerability from nvd – Published: 2020-07-28 12:05 – Updated: 2024-09-16 20:22- Cross-Site Scripting
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6253295 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Intelligent Operations Center |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 Affected: 5.2 Affected: 5.2.1 |
|
| IBM | Water Operations for Waternamics |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 Affected: 5.2 Affected: 5.2.1 |
|
| IBM | Intelligent Operations Center for Emergency Management |
Affected:
5.1.0
Affected: 5.1.0.2 Affected: 5.1.0.3 Affected: 5.1.0.4 Affected: 5.1.0.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6253295"
},
{
"name": "ibm-ioc-cve20204317-xss (177355)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intelligent Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "5.2.1"
}
]
},
{
"product": "Water Operations for Waternamics",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "5.2.1"
}
]
},
{
"product": "Intelligent Operations Center for Emergency Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.6"
}
]
}
],
"datePublic": "2020-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/I:L/UI:R/AV:N/A:N/C:L/AC:L/PR:L/S:C/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-28T12:05:25.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6253295"
},
{
"name": "ibm-ioc-cve20204317-xss (177355)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-07-27T00:00:00",
"ID": "CVE-2020-4317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Operations Center",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
},
{
"version_value": "5.2"
},
{
"version_value": "5.2.1"
}
]
}
},
{
"product_name": "Water Operations for Waternamics",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
},
{
"version_value": "5.2"
},
{
"version_value": "5.2.1"
}
]
}
},
{
"product_name": "Intelligent Operations Center for Emergency Management",
"version": {
"version_data": [
{
"version_value": "5.1.0"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6253295",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6253295 (Water Operations for Waternamics)",
"url": "https://www.ibm.com/support/pages/node/6253295"
},
{
"name": "ibm-ioc-cve20204317-xss (177355)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4317",
"datePublished": "2020-07-28T12:05:25.765Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:22:16.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}