Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management
CVE-2022-35722

6.4MEDIUM

Key Information:

Vendor: IBM
Status: Jazz For Service Management
Vendor: CVE Published:; 28 September 2022

Summary

IBM Jazz for Service Management is susceptible to a stored cross-site scripting vulnerability that permits users to inject arbitrary JavaScript code into the Web UI. This can lead to significant alterations in the intended functionality of the application, with the potential for unauthorized access to sensitive information, including user credentials, within a trusted session. Organizations using this software should take immediate action to mitigate potential risks associated with this exposure.

Affected Version(s)

Jazz for Service Management 1.1.3

References

https://www.ibm.com/support/pages/node/6824117

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/231381

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 28, 2022
Vulnerability Reserved
Jul 12, 2022