cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CVE-2020-12082 Remediated in Code Insight

CVE-2020-12082 Remediated in Code Insight

Summary

A stored cross-site scripting (XSS) issues impact certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). 

Symptoms

**** Only the following information is permitted to be distributed to users of products enabled with Code Insight:

- CVE number (if available)

- CWE ID

- CVSS scores

- Any publicly available information

****

The cross-site scripting (XSS) issues were assigned a CVSS v3 score of 3.4; that is low severity.

Resolution

Code Insight 2020 R1 SP1 release (7.11.1-7) or later address the cross-site scripting issues with the Web UI. This version and greater is available for download on the Product and License Center. We advise Code Insight customers to update to the latest version. 

Additional Information

For identifying this vulnerability and disclosing it to Revenera under a responsible disclosure process, we'd like to thank Goutham Madhwaraj

Related Documents

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12082

Labels (1)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Nov 17, 2020 01:52 PM
Updated by:
Contributors