Cross-Site Scripting Vulnerability in IBM Jazz Team Server
CVE-2021-29713

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Rational Collaborative Lifecycle Management; Engineering Lifecycle Optimization; Rational Engineering Lifecycle Manager; Rational Doors Next Generation
Vendor: CVE Published:; 27 October 2021

Summary

IBM Jazz Team Server is susceptible to a cross-site scripting vulnerability that permits malicious users to inject arbitrary JavaScript into the web interface. This flaw can modify the expected functionality of the application, potentially leading to the disclosure of sensitive credentials in the context of an authenticated user session, thus posing significant security risks.

Affected Version(s)

Engineering Lifecycle Optimization 7.0.1

Engineering Lifecycle Optimization 7.0.2

Engineering Workflow Management 7.0

References

https://www.ibm.com/support/pages/node/6508583

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/200967

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 27, 2021
Vulnerability Reserved
Mar 31, 2021