Medium Severity

Security Bulletin: IBM Control Desk is vulnerable to Cross-Site Scripting Vulnerability (CVE-2021-20559)

IBM Control Desk is vulnerable to cross-site scripting (XSS).

CVE(s): CVE-2021-20559

Affected product(s) and affected version(s):

This vulnerability affects the following versions of the IBM Control Desk (ICD). Older versions of IBM Control Desk (ICD) may be impacted. The recommended action is to update to the latest version.

IBM Control Desk core product versions affected:

Affected Product(s) | Version(s)
IBM Control Desk | IBM Control Desk 7.6.1.2 and 7.6.1.3

* To determine the core product version, log in and view System Information. The core product version is the "Tivoli's process automation engine" version. Please consult the Product Coexistence Matrix for a list of supported product combinations.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6450759
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199228
