Stored Cross-Site Scripting in IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management
CVE-2021-29800

6.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
23 September 2021

Summary

IBM Tivoli Netcool/OMNIbus_GUI and Jazz for Service Management contain a security flaw that enables stored cross-site scripting. This vulnerability permits attackers to inject arbitrary JavaScript code into the web interface, potentially compromising user sessions and leading to the unauthorized access of sensitive information, such as credentials. It is critical for users of these products to implement security measures and updates to mitigate risks associated with this exposure.

Affected Version(s)

Jazz for Service Management 1.1.3.10

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.