Rewterz Threat Alert – Iranian Hackers Actively Exploiting Windows Zerologon Flaw
October 6, 2020Rewterz Threat Advisory – CVE-2020-4528 – IBM DataPower Gateway information disclosure
October 7, 2020Rewterz Threat Alert – Iranian Hackers Actively Exploiting Windows Zerologon Flaw
October 6, 2020Rewterz Threat Advisory – CVE-2020-4528 – IBM DataPower Gateway information disclosure
October 7, 2020Severity
Medium
Analysis Summary
CVE-2019-4725
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Impact
Cross-site scripting
Affected Vendors
IBM
Affected Products
IBM Security Access Manager Appliance 9.0
Remediation
Refer to IBM Security advisory for patch, upgrade or suggested workaround information.