Sensitive Information Exposure in IBM Jazz Team Server
CVE-2021-20355

3.7LOW

Key Information:

Vendor
IBM
Status
Jazz Team Server
Vendor
CVE Published:
24 June 2022

Summary

IBM Jazz Team Server versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 contain a vulnerability that may allow a remote attacker to access sensitive information. This issue arises due to the absence of the HTTPOnly flag on cookies, which can be exploited to retrieve confidential data. Exploitation of this vulnerability highlights the importance of proper cookie management and security configurations in web applications.

Affected Version(s)

Jazz Team Server 6.0.6

Jazz Team Server 6.0.6.1

Jazz Team Server 7.0

References

https://www.ibm.com/support/pages/node/6597583
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/194891
vdb-entryx_refsource_XF

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.