CVE-2020-4615: XSS

Q: What is the severity of CVE-2020-4615?

The severity of CVE-2020-4615 is medium with a severity value of 5.4.

Q: How does CVE-2020-4615 affect IBM Data Risk Manager?

CVE-2020-4615 allows users to embed arbitrary JavaScript code in the Web UI of IBM Data Risk Manager, potentially leading to credentials disclosure within a trusted session.

Q: What is the Common Weakness Enumeration (CWE) ID for CVE-2020-4615?

The Common Weakness Enumeration (CWE) ID for CVE-2020-4615 is CWE-79.

Q: How can I fix CVE-2020-4615?

To fix CVE-2020-4615, apply the patch provided by IBM for IBM Data Risk Manager version 2.0.6.

Q: Where can I find more information about CVE-2020-4615?

More information about CVE-2020-4615 can be found on the IBM X-Force Exchange and the IBM Support website.

Published Sep 22, 2020

Updated

IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928.

Affected Software

2 affected componentsFixes available

IBM Data Risk Manager<2.0.6.4

IBM Data Risk Manager<=2.0.6

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6335281

Event History

Sep 22, 2020

CVE Published

via MITRE·01:55 PM

Data Sourced

via MITRE·01:55 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-6335281

Frequently Asked Questions

What is the severity of CVE-2020-4615?

The severity of CVE-2020-4615 is medium with a severity value of 5.4.

How does CVE-2020-4615 affect IBM Data Risk Manager?

CVE-2020-4615 allows users to embed arbitrary JavaScript code in the Web UI of IBM Data Risk Manager, potentially leading to credentials disclosure within a trusted session.

What is the Common Weakness Enumeration (CWE) ID for CVE-2020-4615?