Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM82CC821BA50AC1CC0BFF8022340335CF4B6D1F44D2D7766FB941ED5911662BCD
HistoryJul 30, 2021 - 5:04 a.m.

Security Bulletin: Multiple vulnerabilities in Tivoli Netcool/OMNIbus WebGUI (CVE-2021-29803, CVE-2021-29804, CVE-2021-29805, CVE-2021-29822)

2021-07-3005:04:15
www.ibm.com
6

0.001 Low

EPSS

Percentile

19.9%

JSON

Summary

Fix is available for vulnerabilities in Tivoli Netcool/OMNIbus WebGUI (CVE-2021-29803, CVE-2021-29804, CVE-2021-29805, CVE-2021-29822).

Vulnerability Details

CVEID:CVE-2021-29804
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204262 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

CVEID:CVE-2021-29805
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204263 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

CVEID:CVE-2021-29803
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204164 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

CVEID:CVE-2021-29822
**DESCRIPTION:**IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204349 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Netcool/OMNIbus_GUI 8.1.x

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
Tivoli Netcool/OMNIbus WebGUI 8.1.0 IJ32887 Apply Fix Pack 23 (Fix Pack for WebGUI 8.1.0 Fix Pack 23)

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli netcool/omnibuseq8.1.0

Related

nvd 4
prion 4
cvelist 4
cve 4
cnvd 4
nvd
nvd
CVE-2021-29805
2021-07-12 16:15:09
CVE-2021-29822
2021-07-12 16:15:09
CVE-2021-29803
2021-07-12 16:15:09
prion
prion
Cross site scripting
2021-07-12 16:15:00
Cross site scripting
2021-07-12 16:15:00
Cross site scripting
2021-07-12 16:15:00
cvelist
cvelist
CVE-2021-29803
2021-07-09 00:00:00
CVE-2021-29805
2021-07-09 00:00:00
CVE-2021-29822
2021-07-09 00:00:00
cve
cve
CVE-2021-29822
2021-07-12 16:15:09
CVE-2021-29805
2021-07-12 16:15:09
CVE-2021-29803
2021-07-12 16:15:09
cnvd
cnvd
IBM Tivoli Netcool/OMNIbus Web GUI Storage Based Cross-Site Scripting Vulnerability (CNVD-2022-05122)
2021-07-13 00:00:00
IBM Tivoli Netcool/OMNIbus Web GUI Cross-Site Scripting Vulnerability (CNVD-2021-57447)
2021-07-13 00:00:00
IBM Tivoli Netcool/OMNIbus Web GUI Cross-Site Scripting Vulnerability (CNVD-2021-57448)
2021-07-13 00:00:00

0.001 Low

EPSS

Percentile

19.9%

JSON
Related for 82CC821BA50AC1CC0BFF8022340335CF4B6D1F44D2D7766FB941ED5911662BCD
nvd4prion4cvelist4cve4cnvd4