CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-4987

The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.4%

CVSS Severity

CVSS v3 Score 6.4

CVSS v2 Score 3.5

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/192702
https://www.ibm.com/support/pages/node/6449280
https://exchange.xforce.ibmcloud.com/vulnerabilities/192702
https://www.ibm.com/support/pages/node/6449280

Products affected by CVE-2020-4987

Ibm » Flashsystem 900 » Version: N/A

cpe:2.3:h:ibm:flashsystem_900:-
Ibm » Flashsystem 900 Firmware » Version: Any

cpe:2.3:o:ibm:flashsystem_900_firmware:*
Ibm » Flashsystem 900 Firmware » Version: N/A

cpe:2.3:o:ibm:flashsystem_900_firmware:-
Ibm » Flashsystem 900 Firmware » Version: 1.4

cpe:2.3:o:ibm:flashsystem_900_firmware:1.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-4987

Products

Pricing

Contact Us