Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM18093683E84B728958E0F281A825617C8CB9BDD8849E82D9F8BE38883660CB4C
HistoryDec 01, 2023 - 10:35 a.m.

Security Bulletin: Multiple vulnerabilities in jQuery affect IBM Tivoli Netcool Impact

2023-12-0110:35:31
www.ibm.com
9
ibm tivoli netcool impact
jquery
vulnerabilities
cross-site scripting
cve-2021-41182
cve-2021-41183
cve-2021-41184
cve-2022-31160
remote attacker
cvss score
user interface
security bulletin
web browser
cookie-based authentication

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON

Summary

jQuery is shipped with IBM Tivoli Netcool Impact as part of its user interface. Information about security vulnerabilities affecting jQuery has been published in a security bulletin.

Vulnerability Details

CVEID:CVE-2021-41182
**DESCRIPTION:**jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Datepicker widget. A remote attacker could exploit this vulnerability using the altField parameter to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212274 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

CVEID:CVE-2021-41183
**DESCRIPTION:**jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Datepicker widget. A remote attacker could exploit this vulnerability using the Text parameter to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212276 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

CVEID:CVE-2021-41184
**DESCRIPTION:**jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the .position() function. A remote attacker could exploit this vulnerability using the of parameter to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212277 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

CVEID:CVE-2022-31160
**DESCRIPTION:**jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231462 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Netcool Impact 7.1.0

Remediation/Fixes

** IBM strongly recommends addressing the vulnerability now.**

Product VRMF APAR Remediation
IBM Tivoli Netcool Impact 7.1.0.0 - 7.1.0.31 7.1.0.32 IJ48780 Upgrade to IBM Tivoli Netcool Impact 7.1.0 FP32

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli netcool/impacteq7.1.0

Related

nessus 34
debian 3
openvas 22
osv 16
ibm 36
fedora 9
ubuntu 2
f5 2
checkpoint_advisories 2
drupal 3
redhat 1
veracode 4
prion 4
alpinelinux 2
debiancve 4
github 4
redhatcve 4
ubuntucve 4
cve 4
huntr 1
adobe 1
oracle 9
tenable 1
nessus
nessus
Debian DLA-3230-1 : jqueryui - LTS security update
2022-12-08 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : jQuery UI vulnerabilities (USN-6419-1)
2023-10-05 00:00:00
jQuery UI < 1.13.0 Multiple Vulnerabilities
2021-11-04 00:00:00
debian
debian
[SECURITY] [DLA 3230-1] jqueryui security update
2022-12-07 10:30:00
[SECURITY] [DLA-2889-1] drupal7 security update
2022-01-19 20:00:29
[SECURITY] [DLA 3551-1] otrs2 security update
2023-08-31 00:20:25
openvas
openvas
Debian: Security Advisory (DLA-3230-1)
2022-12-08 00:00:00
Fedora: Security Advisory for js-jquery-ui (FEDORA-2021-013ab302be)
2021-12-04 00:00:00
Ubuntu: Security Advisory (USN-6419-1)
2023-10-06 00:00:00
osv
osv
jqueryui - security update
2022-12-07 00:00:00
jqueryui vulnerabilities
2023-10-05 12:36:27
jqueryui vulnerability
2022-09-09 09:31:52
ibm
ibm
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183
2023-03-27 17:00:47
Security Bulletin: IBM Security QRadar SOAR is using a component vulnerable to Cross Site Scripting (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184)
2022-03-03 17:06:48
Security Bulletin: Multiple vulnerabilities in jQuery-UI affect IBM Tivoli Netcool Impact (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184)
2021-12-10 10:54:12
fedora
fedora
[SECURITY] Fedora 34 Update: js-jquery-ui-1.13.0-1.fc34
2021-11-20 01:11:49
[SECURITY] Fedora 33 Update: js-jquery-ui-1.13.0-1.fc33
2021-11-20 01:45:55
[SECURITY] Fedora 35 Update: js-jquery-ui-1.13.0-1.fc35
2021-11-20 01:08:33
ubuntu
ubuntu
jQuery UI vulnerabilities
2023-10-05 00:00:00
jQuery UI vulnerability
2022-09-09 00:00:00
f5
f5
K50455702 : jQuery vulnerabilities CVE-2021-41182, CVE-2021-41183, and CVE-2021-41184
2022-03-28 00:00:00
K000134507 : jQuery UI vulnerability CVE-2022-31160
2023-05-08 00:00:00
checkpoint_advisories
checkpoint_advisories
jQuery UI Datepicker Widget Cross Site Scripting (CVE-2021-41182; CVE-2021-41183)
2022-03-14 00:00:00
jQuery UI Cross-site Scripting (CVE-2021-41184)
2022-10-19 00:00:00
drupal
drupal
jQuery UI Datepicker - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-004
2022-01-19 00:00:00
Drupal core - Moderately critical - Cross site scripting - SA-CORE-2022-002
2022-01-19 00:00:00
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-001
2022-01-19 00:00:00
redhat
redhat
(RHSA-2022:4711) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
2022-05-26 16:04:07
veracode
veracode
Cross-site Scripting (XSS)
2022-07-19 05:25:38
Cross-site Scripting (XSS)
2021-10-27 06:12:09
Cross-site Scripting (XSS)
2021-10-27 05:33:22
prion
prion
Cross site scripting
2022-07-20 20:15:00
Code injection
2021-10-26 15:15:00
Code injection
2021-10-26 15:15:00
alpinelinux
alpinelinux
CVE-2021-41182
2021-10-26 15:15:00
CVE-2021-41183
2021-10-26 15:15:00
debiancve
debiancve
CVE-2021-41182
2021-10-26 15:15:00
CVE-2022-31160
2022-07-20 20:15:00
CVE-2021-41183
2021-10-26 15:15:00
github
github
XSS in the `altField` option of the Datepicker widget in jquery-ui
2021-10-26 14:55:02
XSS in `*Text` options of the Datepicker widget in jquery-ui
2021-10-26 14:55:21
XSS in the `of` option of the `.position()` util in jquery-ui
2021-10-26 14:55:12
redhatcve
redhatcve
CVE-2021-41184
2021-11-01 17:41:18
CVE-2022-31160
2022-07-25 18:12:42
CVE-2021-41182
2021-11-01 17:41:12
ubuntucve
ubuntucve
CVE-2021-41184
2021-10-26 00:00:00
CVE-2022-31160
2022-07-20 00:00:00
CVE-2021-41182
2021-10-26 00:00:00
cve
cve
CVE-2021-41182
2021-10-26 15:15:00
CVE-2022-31160
2022-07-20 20:15:00
CVE-2021-41183
2021-10-26 15:15:00
huntr
huntr
Jquery UI 1.13.1 in use which is vulnerable to CVE-2022-31160
2023-02-20 08:50:55
adobe
adobe
APSB23-50 : Security update available for Adobe Commerce
2023-10-10 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON
Related for 18093683E84B728958E0F281A825617C8CB9BDD8849E82D9F8BE38883660CB4C
nessus34debian3openvas22osv16ibm36fedora9ubuntu2f52checkpoint_advisories2drupal3redhat1veracode4prion4alpinelinux2debiancve4github4redhatcve4ubuntucve4cve4huntr1adobe1oracle9tenable1