IBM DOORS Next Generation 6.0.2 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Published on July 19th, 2020
Summary

IBM DOORS Next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit:

The information has been provided by Vendor

The original article can be found at:https://www.ibm.com/support/pages/node/6235162


Details

IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 

 

Vulnerable Systems:

IBM DOORS Next Generation 6.0.2

IBM DOORS Next Generation 6.0.6

IBM DOORS Next Generation 6.0.6.1

IBM DOORS Next Generation 7.0

 

CVE Information:

CVE-2020-4281

Disclosure Timeline:
Published Date:6/19/2020

Categories: FeaturedNews

Related Posts

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability