Medium Severity

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale which allows users to embed arbitrary JavaScript code in the Web UI (CVE-2019-4665)

Share this post:

A security vulnerability has been identified in all levels of IBM Spectrum Scale that could allow users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. A fix for this vulnerability is available.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Spectrum Scale 5.0.0.0 – 5.0.4.0
IBM Spectrum Scale 4.2.0.0 – 4.2.3.18

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1118937

More stories

Security Bulletin: Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty used by MobileFirst Platform Foundation

Feb 27, 2020 7:01 pm EST | Medium Severity

IBM MobileFirst Platform Foundation has addressed the following vulnerability.Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty ...read more


Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4663 and CVE-2019-4720)

Feb 27, 2020 7:00 pm EST | Medium Severity

Security vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center). IBM Spectrum Control has addressed the following CVEs. ...read more


Security Bulletin: MobileFirst Platform Foundation is affected by WebSphere Application Server Liberty is affected by Apache Commons Compress vulnerability (CVE-2019-12402)

Feb 27, 2020 7:00 pm EST | Medium Severity

IBM MobileFirst Platform Foundation has addressed the following vulnerability.WebSphere Application Server Liberty is affected by Apache Commons Compress vulnerability ...read more