CNNVD-202602-205 Information
CNNVD ID
CNNVD-202602-205
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
IBM Engineering Lifecycle Management - Global Configuration Management是美国国际商业机器(IBM)公司的一个配置管理软件。 IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3版本至7.0.3 Interim Fix 017版本和7.1.0版本至7.1.0 Interim Fix 004版本存在跨站脚本漏洞,该漏洞源于允许在Web UI中嵌入任意JavaScript代码,可能导致凭据泄露。
Description (English)
IBM Engineering Lifestyle Management - Global Construction Management is a configuration management software for IBM. IBM Engineering Lifestyle Management - Global Construction Management 7.0.3 to 7.0.3 Interim Fix 017 and 7.1.0 to 7.1.0 Interim Fix 004 have cross-site script gaps, which stem from allowing the embedding of arbitrary JavaScript codes in Web UI, which may lead to the disclosure of evidence.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
国际商业机器
Published
2026-02-03
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7258063
Patch
https://www.ibm.com/support/pages/node/7258063
Share on: