← back
CVE-2020-4987

CVE-2020-4987

CVSS 6.4 MEDIUMEPSS 0.5%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.4EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 May 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The IBM FlashSystem 900 user management GUI is vulnerable to stored cross-site scripting in code versions 1.5.2.8 and prior and 1.6.1.2 and prior. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS:3.0/A:N/UI:N/S:C/AC:L/I:L/PR:L/AV:N/C:L/RL:O/RC:C/E:H
Affected products
IBM · FlashSystem 900