Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and Tivoli Netcool
CVE-2021-29832
6.4MEDIUM
Summary
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI are affected by a stored cross-site scripting vulnerability. This flaw enables an attacker to inject arbitrary JavaScript code into the web user interface, potentially compromising user sessions and leading to sensitive data exposure. Users in trusted environments could unintentionally execute malicious scripts, making this a significant concern for secure web operations.
Affected Version(s)
Jazz for Service Management 1.1.3.10
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved