Ibm · Ibm Flashsystem 900 · CVE-2020-4987
**Name of the Vulnerable Software and Affected Versions**
IBM FlashSystem 900 versions 1.5.2.8 and prior
IBM FlashSystem 900 versions 1.6.1.2 and prior
**Description**
The issue concerns stored cross-site scripting in the user management GUI, allowing users to embed arbitrary JavaScript code in the Web UI. This could alter the intended functionality, potentially leading to credentials disclosure within a trusted session.
**Recommendations**
For versions 1.5.2.8 and prior, update to a version later than 1.5.2.8 to resolve the issue.
For versions 1.6.1.2 and prior, update to a version later than 1.6.1.2 to resolve the issue.