5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
A cross-site scripting vulnerability exists in IBM Jazz for Service Management, an integrated service management product from International Business Machines (IBM) that provides visibility into the service management environment, and stems from a vulnerability that allows a user to store cross-site scripting in the Web UI via Embedding arbitrary JavaScript code that alters the intended functionality could lead to credential disclosure in trusted sessions. No details of the vulnerability are currently available.