Fix is available for multiple vulnerabilities affecting Tivoli Netcool/OMNIbus WebGUI.
CVEID:CVE-2021-29808
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204269 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVEID:CVE-2021-29809
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204270 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
CVEID:CVE-2021-29819
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204346 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID:CVE-2021-29856
**DESCRIPTION:**IBM Tivoli Netcool/OMNIbus_GUI could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205685 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2021-29820
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204347 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID:CVE-2021-29811
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI stores user credentials in plain clear text which can be read by an authenticated admin user.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204329 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2021-29818
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204345 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID:CVE-2021-29817
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204343 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID:CVE-2021-29821
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204348 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID:CVE-2021-29806
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204264 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
CVEID:CVE-2021-29807
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204265 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Netcool/OMNIbus_GUI | 8.1.x |
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
Tivoli Netcool/OMNIbus WebGUI | 8.1.0 | IJ33573 | Apply Fix Pack 24 (Fix Pack for WebGUI 8.1.0 Fix Pack 24) |
For unsupported versions IBM recommends upgrading to a fixed, supported version of the product.
Upgrade to WebGUI 8.1.0 Fix Pack 24.
CPE | Name | Operator | Version |
---|---|---|---|
tivoli netcool/omnibus | eq | 8.1.0 |