CVE-2021-20362
Description
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195033.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting (XSS) allowing arbitrary JavaScript injection that could lead to credential disclosure.
Vulnerability
IBM Cloud Pak for Applications version 4.3 is vulnerable to cross-site scripting (XSS). This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality. The issue affects all versions of IBM Cloud Pak for Applications 4.3. [1]
Exploitation
An attacker with low-privilege authenticated access can craft a malicious link or payload that, when interacted with by another user, executes arbitrary JavaScript in the context of the victim's session. The attack requires user interaction (e.g., clicking a link) and leverages the stored XSS vector. [1]
Impact
Successful exploitation could lead to disclosure of credentials within a trusted session, as the injected script can access cookies, session tokens, or other sensitive information. The CVSS v3.0 base score is 5.4, with low impact to confidentiality and integrity, and no impact to availability. [1]
Mitigation
The vulnerability is fixed in IBM Cloud Pak for Applications version 4.3.1. Upgrading to this version eliminates the risk. No workarounds are available. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 4.3
- IBM/Cloud Pak for Applications | v5 | Range: 4.3
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/195033 (mitre; vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6471343 (mitre; x_refsource_CONFIRM)