PT-2020-19633 · Siemens · Camstar Enterprise Platform+1

Published: 2020-07-14 · Updated: 2023-02-03 · CVE-2020-7576

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Camstar Enterprise Platform: all versions
Opcenter Execution Core: versions prior to V8.2
Opcenter Execution Core: version V8.2

Description

A stored Cross-Site Scripting (XSS) attack can be performed by an authenticated user with the ability to create containers, packages, or register defects. This could result in the session cookies of legitimate users being stolen, allowing the attacker to hijack the session and perform arbitrary actions in the name of the victim.

Recommendations

For all versions of Camstar Enterprise Platform, update to a version that includes the fix for this issue. For Opcenter Execution Core versions prior to V8.2, update to version V8.2 or later. For Opcenter Execution Core version V8.2, consider disabling the functionality that allows users to create containers, packages, or register defects until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-7576

Affected Products

Camstar Enterprise Platform
Opcenter Execution Core