Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products
CVE-2021-20352

5.4MEDIUM

Summary

IBM Jazz Foundation Products are susceptible to a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the Web UI. This exploitation can modify the expected functionality of the application and may lead to the disclosure of sensitive credentials during trusted sessions. To mitigate this risk, users are advised to implement strong input validation and output encoding practices within the affected products.

Affected Version(s)

Engineering Lifecycle Optimization 7.0

Engineering Lifecycle Optimization 7.0.1

Engineering Lifecycle Optimization 7.0.2

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.