History: Jul 28, 2023 - 7:51 p.m.

Security Bulletin: JSuites is vulnerable to cross-site scripting (CVE-2021-41086)

2023-07-28 19:51:46
www.ibm.com

CVSS2: 3.5

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3: 8.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS: 0.001
Percentile: 36.6%

Summary

CVE-2021-41086 JSuites is vulnerable to cross-site scripting

Vulnerability Details

**CVEID:** CVE-2021-41086
**DESCRIPTION:** jSuites is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209891 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM TRIRIGA | 3.8, 4.0 |
| Tririga Application Suite | 4.0 |
| IBM TRIRIGA Application Platform | 3.6.1 |
| IBM TRIRIGA | 4.0 |

Remediation/Fixes

Please upgrade to IBM TRIRIGA Application Platform 4.5 Passport Advantage.

Workarounds and Mitigations

None

Affected configurations

Node: ibm tririga_application_platform, Match 4.3

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | tririga_application_platform | 4.3 | cpe:2.3:a:ibm:tririga_application_platform:4.3:*:*:*:*:*:*:* |
