CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4447
https://notcve.org/view.php?id=CVE-2020-4447
23 Jul 2020 — IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181227. IBM FileNet Content Manager versiones 5.5.3 y 5.5.4, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario... • https://exchange.xforce.ibmcloud.com/vulnerabilities/181227 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4572
https://notcve.org/view.php?id=CVE-2019-4572
14 Oct 2019 — IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798. Las versiones 5.5.2 y 5.5.3 de IBM FileNet Content Manager en configuraciones específicas, podría registrar las credenciales de usuario del servicio web en un archivo de registro al que podría acceder un administrador en la máquina local. ID de IBM X-Force: 166798. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166798 • CWE-532: Insertion of Sensitive Information into Log File •