CVE-2021-20361
Description
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195032.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting via a dynamically constructed href attribute, potentially allowing credential disclosure.
Vulnerability
IBM Cloud Pak for Applications version 4.3 is vulnerable to cross-site scripting (XSS) due to a dynamically constructed href attribute in the Web UI. This allows users to embed arbitrary JavaScript code into the interface. The vulnerability affects all deployments of version 4.3 [1].
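The bug class named above, shown from the defensive side as an added illustration (not IBM's code and not part of the original record): a link target taken from untrusted input is parsed and checked against a scheme allowlist before it is written into an href. The names `safeHref`, `renderLink`, `ALLOWED_SCHEMES`, the base origin and all sample inputs are constructed assumptions.

```javascript
// Added illustration: scheme allowlist for link targets built from untrusted input.
// All names, the base origin and the sample inputs are constructed for this example.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://console.example.test/"; // placeholder origin for relative links
const FALLBACK = "#";

function safeHref(untrusted, base = BASE) {
  if (typeof untrusted !== "string") return FALLBACK;
  let url;
  try {
    // The WHATWG URL parser normalises input the way a browser does: it trims
    // leading/trailing spaces and control characters, removes tabs and newlines,
    // and lowercases the scheme, so obfuscated schemes are seen in their real form.
    url = new URL(untrusted, base);
  } catch {
    return FALLBACK; // unparseable input never reaches the attribute
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : FALLBACK;
}

// Escape for an HTML attribute or text context; the scheme check alone does
// not stop a value from breaking out of the quoted attribute.
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderLink(untrusted, label) {
  const href = escapeAttr(safeHref(untrusted));
  return `<a href="${href}" rel="noopener noreferrer">${escapeAttr(label)}</a>`;
}

// Constructed sample inputs: two benign targets and three that must be rejected.
const samples = [
  "https://docs.example.test/guide?x=1",
  "/apps/list",
  "javascript:alert(1)",
  " JaVaScRiPt:alert(1)",
  "java\tscript:alert(1)",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeHref(s));
}
```

A denylist that string-matches `javascript:` on the raw input misses the last two samples; parsing first and allowlisting the resulting scheme does not.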
Exploitation
An attacker with low privileges can craft a malicious link containing JavaScript code. When a victim user clicks the link, the script executes in the context of the trusted session. User interaction is required for exploitation [1].
Impact
Successful exploitation enables the attacker to execute arbitrary JavaScript in the victim's browser, altering the intended functionality of the Web UI. This can lead to disclosure of sensitive information, such as credentials, within the trusted session [1].
Mitigation
IBM released version 4.3.1 to fix this vulnerability. Users should upgrade to 4.3.1 or later. No workarounds are available [1]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 4.3
- IBM/Cloud Pak for Applications (v5), Range: 4.3
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/195032 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6471269 (mitre, x_refsource_CONFIRM)