Dec 27, 2021 - 8:36 p.m.

Security Bulletin: IBM Navigator for i is affected by security vulnerability (CVE-2021-38876)

2021-12-27 20:36:09
www.ibm.com
ibm navigator for i
cve-2021-38876
cross-site scripting
ibm i
ptf
security fix

EPSS

0.001

Percentile

30.5%

Summary

IBM Navigator for i heritage version is vulnerable to the issue described in the vulnerability details section. IBM i has addressed the applicable CVE as described in the remediation/fixes section.

Vulnerability Details

**CVEID:** CVE-2021-38876
**DESCRIPTION:** IBM i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM i | 7.4 |
| IBM i | 7.3 |
| IBM i | 7.2 |

Remediation/Fixes

The issue can be fixed by applying PTFs to IBM i. Releases 7.4, 7.3, and 7.2 of IBM i are supported and will be fixed. The IBM i PTF numbers containing the fix for the CVE follow. Future Group PTFs for HTTP Server will also contain the fixes for this CVE.

Release 7.4 - SI77613, SI77614
Release 7.3 - SI77615, SI77616
Release 7.2 - SI77617, SI77618

<https://www.ibm.com/support/fixcentral>

_Important note:_ IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products.
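To confirm whether the PTFs listed above are present on a system, the following query joins the bulletin's PTF numbers against the QSYS2.PTF_INFO view on IBM i. It is an added example, not part of IBM's bulletin; the CTE name `bulletin_fix` and the column aliases are assumptions chosen for illustration.

```sql
-- Added example: check the status of the CVE-2021-38876 PTFs on this system.
-- Run from ACS "Run SQL Scripts" or STRSQL on the IBM i partition.
-- bulletin_fix is a hypothetical inline table holding the PTF numbers
-- exactly as the bulletin lists them per release.
WITH bulletin_fix (ibm_i_release, ptf_id) AS (
    VALUES ('7.4', 'SI77613'),
           ('7.4', 'SI77614'),
           ('7.3', 'SI77615'),
           ('7.3', 'SI77616'),
           ('7.2', 'SI77617'),
           ('7.2', 'SI77618')
)
SELECT f.ibm_i_release,
       f.ptf_id,
       -- No matching row means the PTF was never loaded on this partition.
       COALESCE(p.PTF_LOADED_STATUS, 'NOT ON SYSTEM') AS ptf_status,
       -- Populated when a later PTF has replaced this one.
       p.PTF_SUPERSEDED_BY_PTF                        AS superseded_by
FROM bulletin_fix f
LEFT JOIN QSYS2.PTF_INFO p
       ON p.PTF_IDENTIFIER = f.ptf_id
ORDER BY f.ibm_i_release DESC, f.ptf_id;

-- Reading the result for the release the partition runs:
--   APPLIED / PERMANENTLY APPLIED : the fix is active.
--   LOADED                        : the PTF is on disk but not yet applied.
--   SUPERSEDED                    : check the status of the superseded_by PTF.
--   NOT ON SYSTEM                 : the PTF is absent; see the note below.
```

Only the rows for the release the partition actually runs are relevant. A NOT ON SYSTEM result is not conclusive on its own, because the bulletin states that future Group PTFs for HTTP Server also contain the fix, so check for a later superseding PTF before treating the system as exposed.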

Workarounds and Mitigations

None
