CVE-2020-4920 : What You Need to Know

Learn about CVE-2020-4920, a vulnerability in IBM Jazz Team Server products allowing stored cross-site scripting. Find affected systems and versions, impact, and mitigation steps.

IBM Jazz Team Server products are vulnerable to stored cross-site scripting, potentially leading to credentials disclosure within a trusted session.

Understanding CVE-2020-4920

What is CVE-2020-4920?

CVE-2020-4920 is a stored cross-site scripting vulnerability in IBM Jazz Team Server products. It allows users to embed arbitrary JavaScript code in the Web UI, which alters the UI's functionality.

The Impact of CVE-2020-4920

Because the embedded script is stored and served to other users of the Web UI, it runs inside their trusted sessions, which can lead to credentials disclosure.

Technical Details of CVE-2020-4920

Vulnerability Description

The vulnerability in IBM Jazz Team Server products allows for stored cross-site scripting, enabling the injection of malicious JavaScript code.

Affected Systems and Versions

        Rational Engineering Lifecycle Manager: 6.0.2, 6.0.6, 6.0.6.1, 7.0, 7.0.1
        Rational Quality Manager: 6.0.2, 6.0.6, 6.0.6.1
        Rational Team Concert: 6.0.2, 6.0.6, 6.0.6.1
        Rational Collaborative Lifecycle Management: 6.0.2, 6.0.6, 6.0.6.1
        Rational DOORS Next Generation: 6.0.2, 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2
        Engineering Test Management: 7.0.0, 7.0.1, 7.0.2
        Engineering Lifecycle Optimization: 7.0, 7.0.1, 7.0.2
        Engineering Workflow Management: 7.0, 7.0.1, 7.0.2
        Rational Rhapsody Model Manager: 6.0.6, 6.0.6.1, 7.0, 7.0.1, 6.0.2

Exploitation Mechanism

The vulnerability can be exploited by injecting malicious JavaScript code into the Web UI of the affected IBM Jazz Team Server products.

Mitigation and Prevention

Immediate Steps to Take

        Apply official fixes provided by IBM to address the vulnerability.
        Monitor for any unusual activity that may indicate exploitation of the vulnerability.

Long-Term Security Practices

        Regularly update and patch the affected systems so that known security vulnerabilities are closed.

Patching and Updates

        Stay informed about security bulletins and updates from IBM to ensure the latest patches are applied in a timely manner.
