Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management
CVE-2022-35722

6.4 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 28 September 2022

Summary

IBM Jazz for Service Management is susceptible to a stored cross-site scripting vulnerability that permits users to inject arbitrary JavaScript code into the Web UI. The injected script can alter the intended functionality of the application and may lead to unauthorized access to sensitive information, including user credentials, within a trusted session. Organizations using this software should take immediate action to mitigate the risks associated with this exposure.

Affected Version(s)

Jazz for Service Management 1.1.3

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
