Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products
CVE-2021-20506

5.4MEDIUM

Summary

IBM Jazz Foundation Products are affected by a cross-site scripting vulnerability that enables attackers to embed arbitrary JavaScript code within the Web UI. This flaw can lead to significant security risks, allowing unauthorized code execution which may compromise user credentials during active sessions. Organizations utilizing these products should take immediate action to safeguard against potential exploitation. For additional information, refer to IBM's official guidance.

Affected Version(s)

Engineering Lifecycle Optimization 7.0

Engineering Lifecycle Optimization 7.0.1

Engineering Lifecycle Optimization 7.0.2

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.