Stored Cross-Site Scripting in IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management
CVE-2021-29800
6.4MEDIUM
Summary
IBM Tivoli Netcool/OMNIbus_GUI and Jazz for Service Management contain a security flaw that enables stored cross-site scripting. This vulnerability permits attackers to inject arbitrary JavaScript code into the web interface, potentially compromising user sessions and leading to the unauthorized access of sensitive information, such as credentials. It is critical for users of these products to implement security measures and updates to mitigate risks associated with this exposure.
Affected Version(s)
Jazz for Service Management 1.1.3.10
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved