Cross-Site Scripting Vulnerability in IBM Jazz for Service Management
CVE-2019-4718

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Jazz For Service Management
Vendor: CVE Published:; 23 March 2020

Summary

IBM Jazz for Service Management version 3.13 contains a vulnerability that allows attackers to exploit cross-site scripting (XSS). This issue permits the embedding of arbitrary JavaScript code in the Web UI, which could modify the expected functionality of the application. Consequently, this could lead to the disclosure of user credentials within a trusted session, posing significant security risks to users.

Affected Version(s)

Jazz for Service Management 3.13

References

https://www.ibm.com/support/pages/node/6113470

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/172123

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 23, 2020
Vulnerability Reserved
Jan 3, 2019