HTML Injection Vulnerability in IBM Jazz Team Server
CVE-2021-20543

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Jazz Team Server
Vendor: CVE Published:; 24 June 2022

Summary

IBM Jazz Team Server versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 contain an HTML injection vulnerability that allows remote attackers to inject harmful HTML code. This injected code can execute in the web browser of a user accessing the compromised server, leading to potential exploitation within the security constraints of the hosting site. Organizations should ensure they have the latest security updates to mitigate this risk.

Affected Version(s)

Jazz Team Server 6.0.6

Jazz Team Server 6.0.6.1

Jazz Team Server 7.0

References

https://www.ibm.com/support/pages/node/6597515

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/198929

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 24, 2022
Vulnerability Reserved
Dec 17, 2020