IBM Jazz for Service Management Cross-Site Scripting Vulnerability (CNVD-2021-99677)

Jazz is IBM Rational’s next-generation collaboration platform for software delivery technologies.The Jazz platform has been carefully designed and developed specifically for global and cross-geographic teams and will change the way people collaborate to build software - improving the collaboration, efficiency and transparency of software delivery.IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI suffer from a cross-site scripting vulnerability. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI to alter the intended functionality, which could lead to credential disclosure in trusted sessions.