Cross-Site Scripting Vulnerability in IBM Jazz for Service Management
CVE-2024-52892
6.1 MEDIUM
Summary
IBM Jazz for Service Management versions 1.1.3 through 1.1.3.23 are vulnerable to cross-site scripting: an unauthenticated attacker can insert malicious JavaScript code into the Web UI. When that code executes, it can manipulate the interface, potentially leading to the disclosure of sensitive user credentials during active sessions. Such vulnerabilities can significantly compromise user security and data integrity.
Affected Version(s)
Jazz for Service Management 1.1.3 <= 1.1.3.23
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability reserved