Medium Severity

Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to cross-site scripting when receive data in HTTP request in unsafe way.(CVE-2021-38871)

Share this post:

Summary guidance: – The Jazz Team Server is vulnerable to cross-site scripting when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way, in this case, the parameter crypto_js is vulnerable to this type of attack.

CVE(s): CVE-2021-38871

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6597503
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208345

More stories

Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to urllib package in Python3 (CVE-2022-0391)

August 9, 2022 | Medium Severity

IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to improper input validation by the urllib.parse module from Python3. Vulnerability is addressed by upgrading Pytthon to version 3.9.7. ...read more


Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to SnakeYAML (CVE-2017-18640)

August 9, 2022 | Medium Severity

MyFG 2.0 of IBM Sterling B2B Integrator uses SnakeYAML. There is a denial of service vulnerability in SnakeYAML which has been addressed. ...read more


Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2021-35550, CVE-2021-35603)

August 9, 2022 | Medium Severity

There are a number of vulnerabilities in the Java JDK used by IBM Event Streams. ...read more