IBM Navigator for i heritage version is vulnerable to the issue described in the vulnerability details section. IBM i has addressed the applicable CVE as described in the remediation/fixes section.
CVEID: CVE-2021-38876
**DESCRIPTION:** IBM i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/208404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

| Affected Product(s) | Version(s) |
|---|---|
| IBM i | 7.4 |
| IBM i | 7.3 |
| IBM i | 7.2 |

The issue can be fixed by applying PTFs to IBM i. Releases 7.4, 7.3, and 7.2 of IBM i are supported and will be fixed. The IBM i PTF numbers containing the fix for the CVE follow. Future Group PTFs for HTTP Server will also contain the fixes for this CVE.
Release 7.4 - SI77613, SI77614
Release 7.3 - SI77615, SI77616
Release 7.2 - SI77617, SI77618
<https://www.ibm.com/support/fixcentral>
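
To confirm whether the fix PTFs listed above are present on a system, the following Db2 for i query reports their status from the `QSYS2.PTF_INFO` catalog view. It is an added example, not part of IBM's bulletin; the PTF numbers and release mapping are copied from the list above, and only the rows for the system's own release are relevant.

```sql
-- Added example: status of the CVE-2021-38876 fix PTFs on this IBM i system.
-- The (release, PTF) pairs below are taken from the bulletin's fix list.
SELECT r.ibm_i_release,
       r.ptf_id,
       -- No matching row means the PTF has never been loaded on this system.
       COALESCE(p.ptf_loaded_status, 'NOT ON SYSTEM') AS status,
       p.ptf_product_id,
       p.ptf_status_timestamp
FROM (VALUES ('7.4', 'SI77613'), ('7.4', 'SI77614'),
             ('7.3', 'SI77615'), ('7.3', 'SI77616'),
             ('7.2', 'SI77617'), ('7.2', 'SI77618')
     ) AS r (ibm_i_release, ptf_id)
LEFT JOIN qsys2.ptf_info p
       ON p.ptf_identifier = r.ptf_id
ORDER BY r.ibm_i_release DESC, r.ptf_id;

-- Reading the result for the release the system runs:
--   APPLIED / PERMANENTLY APPLIED  -> the fix is active.
--   LOADED                         -> the PTF is on the system but not yet applied.
--   SUPERSEDED / NOT ON SYSTEM     -> check whether a later PTF or an HTTP Server
--                                     Group PTF that contains the fix is applied
--                                     before treating the system as unpatched.
```

A missing or superseded row is not proof of exposure on its own, because the bulletin states that future HTTP Server Group PTFs also carry the fix.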
_Important note:_ IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed versions of affected products.