PT-2021-11243 · Intland · Codebeamer Alm
Alex Joss +1 · Published 2021-06-08 · Updated 2023-10-18 · CVE-2020-26517
CVSS v3.1: 4.8 Medium
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Intland codeBeamer ALM versions 10.x through 10.1.SP4
Description:
A cross-site scripting (XSS) issue was discovered. XSS attacks are possible by using the WebDAV functionality to upload files to a project, by using the users import functionality, and by changing the login text in the application configuration.
Recommendations:
For versions 10.x through 10.1.SP4, consider disabling the WebDAV functionality, restricting the use of the users import functionality to necessary admin tasks, and avoiding changes to the login text in the application configuration until a patch is available.
Affected Products
Codebeamer Alm