Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM40F494A8B9106AFA5395263A8498C264E08ED16F0A67CC9A708DD5E914420B19
HistoryJul 13, 2022 - 7:37 a.m.

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to cross-site scripting (CVE-2021-39015)

2022-07-1307:37:37
www.ibm.com
36
ibm
publishing
xss
vulnerability
fix
upgrade
ifix016
ifix017
ifix013

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

19.6%

JSON

Summary

IBM Engineering Lifecycle Optimization - Publishing is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. CVE-2021-39015.

Vulnerability Details

CVEID:CVE-2021-39015
**DESCRIPTION:**IBM Engineering Lifecycle Optimization - Publishing is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213655 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)|**Version(s)
**
—|—
IBM Engineering Lifecycle Optimization - Publishing| 7.0
IBM Engineering Lifecycle Optimization - Publishing| 7.0.1
IBM Engineering Lifecycle Optimization - Publishing| 7.0.2

Remediation/Fixes

For IBM Publishing 7.0, upgrade to ifix016 or later, which can be downloaded from:
IBM Publishing 7.0 iFix016

For IBM Publishing 7.0.1, upgrade to ifix017 or later, which can be downloaded from:
IBM Publishing 7.0.1 iFix017

For IBM Publishing 7.0.2, upgrade to ifix013 or later, which can be downloaded from:
IBM Publishing 7.0.2 iFix013

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmengineering_lifecycle_optimization_-_publishingMatch7.0
OR
ibmengineering_lifecycle_optimization_-_publishingMatch7.0.1
OR
ibmengineering_lifecycle_optimization_-_publishingMatch7.0.2
OR
ibmengineering_lifecycle_optimization_-_publishingMatch7.0
OR
ibmengineering_lifecycle_optimization_-_publishingMatch7.0.1
OR
ibmengineering_lifecycle_optimization_-_publishingMatch7.0.2
VendorProductVersionCPE
ibmengineering_lifecycle_optimization_-_publishing7.0cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_publishing7.0.1cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.1:*:*:*:*:*:*:*
ibmengineering_lifecycle_optimization_-_publishing7.0.2cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:*

Related

nvd 1
cve 1
cvelist 1
prion 1
cnvd 1
nvd
nvd
CVE-2021-39015
2022-07-14 17:15:08
cve
cve
CVE-2021-39015
2022-07-14 17:15:08
cvelist
cvelist
CVE-2021-39015
2022-07-14 16:15:23
prion
prion
Cross site scripting
2022-07-14 17:15:00
cnvd
cnvd
IBM Engineering Lifecycle Optimization跨站脚本漏洞(CNVD-2022-55503)
2022-07-18 00:00:00

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

19.6%

JSON
Related for 40F494A8B9106AFA5395263A8498C264E08ED16F0A67CC9A708DD5E914420B19
nvd1cve1cvelist1prion1cnvd1