China National Vulnerability DatabaseCNVD-2021-94311IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Cross-Site Scripting Vulnerability (CNVD-2021-94311)
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbus_GUI is a graphical user interface for the IBM Tivoli Netcool/OMNIbus service level management system. IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI contain a cross-site scripting vulnerability that The vulnerability stems from the lack of effective filtering and escaping of parameters in the Web UI, which can be exploited by attackers to embed arbitrary JavaScript code in the Web UI.
| CPE | Name | Operator | Version |
|---|---|---|---|
| IBM Jazz for Service Management 1. | eq | 1.3.10 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N