Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management
CVE-2022-35722
6.4MEDIUM
Summary
IBM Jazz for Service Management is susceptible to a stored cross-site scripting vulnerability that permits users to inject arbitrary JavaScript code into the Web UI. This can lead to significant alterations in the intended functionality of the application, with the potential for unauthorized access to sensitive information, including user credentials, within a trusted session. Organizations using this software should take immediate action to mitigate potential risks associated with this exposure.
Affected Version(s)
Jazz for Service Management 1.1.3
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved