CVE-2020-4895 : What You Need to Know

IBM Emptoris Strategic Supply Management versions 10.1.0, 10.1.1, and 10.1.3 are vulnerable to stored cross-site scripting, potentially leading to credentials disclosure within a trusted session.

Understanding CVE-2020-4895

IBM Emptoris Strategic Supply Management versions 10.1.0, 10.1.1, and 10.1.3 are affected by a stored cross-site scripting vulnerability.

What is CVE-2020-4895?

This vulnerability allows users to inject arbitrary JavaScript code into the Web UI, potentially altering the intended functionality and leading to the disclosure of credentials within a trusted session.

The Impact of CVE-2020-4895

The impact of this vulnerability is rated as medium severity, with a CVSS base score of 6.4. It can result in the compromise of confidentiality and integrity of the affected systems.

Technical Details of CVE-2020-4895

IBM Emptoris Strategic Supply Management versions 10.1.0, 10.1.1, and 10.1.3 are susceptible to stored cross-site scripting.

Vulnerability Description

The vulnerability allows attackers to embed malicious JavaScript code in the Web UI, potentially leading to unauthorized access and data theft.

Affected Systems and Versions

Product: Emptoris Sourcing
Vendor: IBM
Vulnerable Versions: 10.1.0, 10.1.1, 10.1.3

Exploitation Mechanism

Attack Complexity: Low
Attack Vector: Network
Privileges Required: Low
User Interaction: None
Exploit Code Maturity: High

Mitigation and Prevention

Immediate action is necessary to address the CVE-2020-4895 vulnerability.

Immediate Steps to Take

Apply the official fix provided by IBM to mitigate the vulnerability.
Monitor for any unusual activities that may indicate exploitation of the vulnerability.

Long-Term Security Practices

Regularly update and patch the software to prevent future vulnerabilities.
Educate users on safe browsing practices to minimize the risk of XSS attacks.

Patching and Updates

Stay informed about security bulletins and updates from IBM to apply patches promptly.