XML External Entity Injection in IBM Jazz for Service Management and Tivoli Netcool/OMNIbus_GUI
CVE-2021-29831

7.1HIGH

Key Information:

Vendor: IBM
Status: Jazz For Service Management
Vendor: CVE Published:; 21 September 2021

Summary

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are susceptible to XML External Entity Injection (XXE) attacks. This vulnerability allows a remote attacker to exploit the system by sending crafted XML data, potentially leading to the exposure of sensitive information or causing exhaustion of system resources. Organizations using affected versions should take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

Jazz for Service Management 1.1.3.10

References

https://www.ibm.com/support/pages/node/6490905

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/204775

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 21, 2021
Vulnerability Reserved
Mar 31, 2021