Cross-Site Scripting Vulnerability in IBM Engineering Requirements Quality Assistant
CVE-2021-29788

5.4MEDIUM

Key Information:

Vendor

IBM
Status
Engineering Requirements Quality Assistant On-premises
Vendor
CVE Published:
18 July 2022

What is CVE-2021-29788?

IBM Engineering Requirements Quality Assistant On-Premises is susceptible to cross-site scripting (XSS), enabling potential attackers to inject arbitrary JavaScript code into the web interface. This manipulation can lead to the alteration of expected functionality, which may facilitate the disclosure of sensitive information like user credentials during trusted sessions. To safeguard against this vulnerability, users should apply patches and adhere to best security practices.

Affected Version(s)

Engineering Requirements Quality Assistant On-Premises All

References

https://www.ibm.com/support/pages/node/6604005
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/203310
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.