Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    5 vulnerabilities found for Intelligent Operations Center for Emergency Management by IBM

    VAR-201909-0009

    Vulnerability from variot - Updated: 2023-12-18 13:56

    IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. Vendors have confirmed this vulnerability IBM X-Force ID: 161201 It is released as.Information may be obtained. The product has functions such as data visualization and real-time collaboration. IBM Water Operations for Waternamics is a predictive analytics platform for water operators. The platform includes functions such as infrastructure management, asset management, and operation management for water operators. The vulnerability stems from the failure of the program to require users to use strong passwords by default. Attackers can use this vulnerability to control accounts

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0009",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "water operations for waternamics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "5.1.0"
          },
          {
            "model": "water operations for waternamics",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "5.2.1.1"
          },
          {
            "model": "intelligent operations center",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "5.2.0"
          },
          {
            "model": "intelligent operations center for emergency management",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "5.1.0.6"
          },
          {
            "model": "intelligent operations center for emergency management",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "5.1.0"
          },
          {
            "model": "intelligent operations center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "5.1.0"
          },
          {
            "model": "intelligent operations center",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "5.1.0 to  5.2.0"
          },
          {
            "model": "intelligent operations center for emergency management",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "5.1.0 to  5.1.0.6"
          },
          {
            "model": "water operations for waternamics",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "5.1.0 to  5.2.1.1"
          },
          {
            "model": "intelligent operations center",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "5.1.0,\u003c=5.2.0"
          },
          {
            "model": "intelligent operations center for emergency management",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "5.1.0,\u003c=5.1.0.6"
          },
          {
            "model": "water operations for waternamics",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "5.1.0,\u003c=5.2.1.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-30483"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008846"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4321"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:intelligent_operations_center:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.2.0",
                    "versionStartIncluding": "5.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:intelligent_operations_center_for_emergency_management:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.1.0.6",
                    "versionStartIncluding": "5.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:water_operations_for_waternamics:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.2.1.1",
                    "versionStartIncluding": "5.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-4321"
          }
        ]
      },
      "cve": "CVE-2019-4321",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-4321",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-30483",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "psirt@us.ibm.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-4321",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-4321",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "psirt@us.ibm.com",
                "id": "CVE-2019-4321",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-30483",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-2278",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-30483"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008846"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4321"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2278"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201. Vendors have confirmed this vulnerability IBM X-Force ID: 161201 It is released as.Information may be obtained. The product has functions such as data visualization and real-time collaboration. IBM Water Operations for Waternamics is a predictive analytics platform for water operators. The platform includes functions such as infrastructure management, asset management, and operation management for water operators. The vulnerability stems from the failure of the program to require users to use strong passwords by default. Attackers can use this vulnerability to control accounts",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-4321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008846"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-30483"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-4321",
            "trust": 3.0
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3312",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008846",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-30483",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2278",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-30483"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008846"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2278"
          }
        ]
      },
      "id": "VAR-201909-0009",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-30483"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-30483"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:56:33.678000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "885901",
            "trust": 0.8,
            "url": "https://www.ibm.com/support/pages/security-bulletin-password-vulnerability-ibm%c2%ae-intelligent-operations-center-cve-2019-4321"
          },
          {
            "title": "ibm-ioc-cve20194321-info-disc (161201)",
            "trust": 0.8,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
          },
          {
            "title": "Patch for IBM Intelligent Operations Center and IBM Water Operations for Waternamics weak password vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/179007"
          },
          {
            "title": "IBM Intelligent Operations Center  and IBM Water Operations for Waternamics Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97786"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-30483"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008846"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2278"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-521",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008846"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4321"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885901"
          },
          {
            "trust": 1.6,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161201"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-4321"
          },
          {
            "trust": 1.2,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3312/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-4321"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-30483"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008846"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2278"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-30483"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008846"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-4321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2278"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-09-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-30483"
          },
          {
            "date": "2019-09-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008846"
          },
          {
            "date": "2019-09-05T15:15:13.063000",
            "db": "NVD",
            "id": "CVE-2019-4321"
          },
          {
            "date": "2019-08-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-2278"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-09-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-30483"
          },
          {
            "date": "2019-09-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008846"
          },
          {
            "date": "2022-12-02T22:22:35.133000",
            "db": "NVD",
            "id": "CVE-2019-4321"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-2278"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2278"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  IBM Vulnerabilities related to certificate and password management in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008846"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2278"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2020-4318 (GCVE-0-2020-4318)

    Vulnerability from cvelistv5 – Published: 2020-07-28 12:05 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center for Emergency Management Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Create a notification for this product.
    IBM Water Operations for Waternamics Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    Date Public
    2020-07-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.299Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6253297"
              },
              {
                "name": "ibm-ioc-cve20204318-xss (177356)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center for Emergency Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                }
              ]
            },
            {
              "product": "Water Operations for Waternamics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            }
          ],
          "datePublic": "2020-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/PR:L/S:C/AC:L/C:L/A:N/AV:N/UI:R/I:L/RC:C/RL:O/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-28T12:05:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6253297"
            },
            {
              "name": "ibm-ioc-cve20204318-xss (177356)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-27T00:00:00",
              "ID": "CVE-2020-4318",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center for Emergency Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Water Operations for Waternamics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6253297",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6253297 (Intelligent Operations Center for Emergency Management)",
                  "url": "https://www.ibm.com/support/pages/node/6253297"
                },
                {
                  "name": "ibm-ioc-cve20204318-xss (177356)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4318",
        "datePublished": "2020-07-28T12:05:26.224Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:15.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4317 (GCVE-0-2020-4317)

    Vulnerability from cvelistv5 – Published: 2020-07-28 12:05 – Updated: 2024-09-16 20:22
    VLAI
    Summary
    IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Water Operations for Waternamics Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Intelligent Operations Center for Emergency Management Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Create a notification for this product.
    Date Public
    2020-07-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.377Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6253295"
              },
              {
                "name": "ibm-ioc-cve20204317-xss (177355)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Water Operations for Waternamics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Intelligent Operations Center for Emergency Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                }
              ]
            }
          ],
          "datePublic": "2020-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/I:L/UI:R/AV:N/A:N/C:L/AC:L/PR:L/S:C/RC:C/RL:O/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-28T12:05:25.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6253295"
            },
            {
              "name": "ibm-ioc-cve20204317-xss (177355)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-27T00:00:00",
              "ID": "CVE-2020-4317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Water Operations for Waternamics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Intelligent Operations Center for Emergency Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6253295",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6253295 (Water Operations for Waternamics)",
                  "url": "https://www.ibm.com/support/pages/node/6253295"
                },
                {
                  "name": "ibm-ioc-cve20204317-xss (177355)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4317",
        "datePublished": "2020-07-28T12:05:25.765Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:22:16.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4318 (GCVE-0-2020-4318)

    Vulnerability from nvd – Published: 2020-07-28 12:05 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center for Emergency Management Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Create a notification for this product.
    IBM Water Operations for Waternamics Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    Date Public
    2020-07-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.299Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6253297"
              },
              {
                "name": "ibm-ioc-cve20204318-xss (177356)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center for Emergency Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                }
              ]
            },
            {
              "product": "Water Operations for Waternamics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            }
          ],
          "datePublic": "2020-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/PR:L/S:C/AC:L/C:L/A:N/AV:N/UI:R/I:L/RC:C/RL:O/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-28T12:05:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6253297"
            },
            {
              "name": "ibm-ioc-cve20204318-xss (177356)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-27T00:00:00",
              "ID": "CVE-2020-4318",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center for Emergency Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Water Operations for Waternamics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177356."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6253297",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6253297 (Intelligent Operations Center for Emergency Management)",
                  "url": "https://www.ibm.com/support/pages/node/6253297"
                },
                {
                  "name": "ibm-ioc-cve20204318-xss (177356)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177356"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4318",
        "datePublished": "2020-07-28T12:05:26.224Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:15.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4317 (GCVE-0-2020-4317)

    Vulnerability from nvd – Published: 2020-07-28 12:05 – Updated: 2024-09-16 20:22
    VLAI
    Summary
    IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Intelligent Operations Center Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Water Operations for Waternamics Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Affected: 5.2
    Affected: 5.2.1
    Create a notification for this product.
    IBM Intelligent Operations Center for Emergency Management Affected: 5.1.0
    Affected: 5.1.0.2
    Affected: 5.1.0.3
    Affected: 5.1.0.4
    Affected: 5.1.0.6
    Create a notification for this product.
    Date Public
    2020-07-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:00:07.377Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6253295"
              },
              {
                "name": "ibm-ioc-cve20204317-xss (177355)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intelligent Operations Center",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Water Operations for Waternamics",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "5.2"
                },
                {
                  "status": "affected",
                  "version": "5.2.1"
                }
              ]
            },
            {
              "product": "Intelligent Operations Center for Emergency Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.0.6"
                }
              ]
            }
          ],
          "datePublic": "2020-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/I:L/UI:R/AV:N/A:N/C:L/AC:L/PR:L/S:C/RC:C/RL:O/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-28T12:05:25.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6253295"
            },
            {
              "name": "ibm-ioc-cve20204317-xss (177355)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-27T00:00:00",
              "ID": "CVE-2020-4317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intelligent Operations Center",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Water Operations for Waternamics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              },
                              {
                                "version_value": "5.2"
                              },
                              {
                                "version_value": "5.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Intelligent Operations Center for Emergency Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.1.0"
                              },
                              {
                                "version_value": "5.1.0.2"
                              },
                              {
                                "version_value": "5.1.0.3"
                              },
                              {
                                "version_value": "5.1.0.4"
                              },
                              {
                                "version_value": "5.1.0.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 177355."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6253295",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6253295 (Water Operations for Waternamics)",
                  "url": "https://www.ibm.com/support/pages/node/6253295"
                },
                {
                  "name": "ibm-ioc-cve20204317-xss (177355)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/177355"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4317",
        "datePublished": "2020-07-28T12:05:25.765Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:22:16.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }