CVE-2019-4137

Summary

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158333.

Affected Software

VendorProductVersion RangeStatus
IBMSpectrum Control Standard Edition5.2.13affected
IBMSpectrum Control Standard Edition5.2.14affected
IBMSpectrum Control Standard Edition5.2.15affected
IBMSpectrum Control Standard Edition5.2.16affected
IBMSpectrum Control Standard Edition5.2.15.2affected
IBMSpectrum Control Standard Edition5.2.17.0affected
IBMSpectrum Control Standard Edition5.2.17.1affected
IBMSpectrum Control Standard Edition5.2.17.2affected
IBMSpectrum Control Standard Edition5.3.0.1affected
IBMSpectrum Control Standard Edition5.3.15.3.2affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References