2 matches found
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to cross-site scripting when receive data in HTTP request in unsafe way.(CVE-2021-38871)
Summary Summary guidance: - The Jazz Team Server is vulnerable to cross-site scripting when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way, in this case, the parameter cryptojs is vulnerable to this type of attack. Vulnerabili...
CVE-2021-38871
CVE-2021-38871 affects IBM Jazz Team Server (versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2). Root cause: cross-site scripting due to unsafe handling of data in HTTP requests that is reflected in the Web UI, enabling an attacker to embed arbitrary JavaScript and potentially disclose credentials withi...