PT-2021-12269 · IBM · IBM FlashSystem 900

Antoine Enard +2 · Published 2021-05-04 · Updated 2022-01-01 · CVE-2020-4987

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

IBM FlashSystem 900 versions 1.5.2.8 and prior
IBM FlashSystem 900 versions 1.6.1.2 and prior

Description

The issue is a stored cross-site scripting (XSS) vulnerability in the user management GUI that allows users to embed arbitrary JavaScript code in the Web UI. This could alter the intended functionality, potentially leading to credential disclosure within a trusted session.

Recommendations

For versions 1.5.2.8 and prior, update to a version later than 1.5.2.8 to resolve the issue.
For versions 1.6.1.2 and prior, update to a version later than 1.6.1.2 to resolve the issue.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-4987

Affected Products

IBM FlashSystem 900