Lucene search

IBM144A5B9E9DC615592F3C08A46D1E13382F6FB66FFFC0B1F4E38249A9D4F88934

HistoryNov 21, 2022 - 8:24 p.m.

Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2022-35721)

2022-11-2120:24:19

www.ibm.com

ibm jazz

service management

vulnerability

cross-site scripting

cve-2022-35721

credentials disclosure

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

19.8%

JSON

Summary

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability can exploit or hijack authenticated users sessions.

Vulnerability Details

CVEID:CVE-2022-35721
**DESCRIPTION:**IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231380 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Jazz for Service Management	1.1.3

Remediation/Fixes

Affected JazzSM Version	Recommended Fix.
Jazz for Service Management versions 1.1.3.*

1. Install JazzSM 1.1.3.16

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmjazz_for_service_managementMatch1.1.3

CPENameOperatorVersion
jazz for service managementeq1.1.3

CPE	Name	Operator	Version
	jazz for service management	eq	1.1.3