Medium Severity

Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29810)

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVE(s): CVE-2021-29810

Affected product(s) and affected version(s):

Affected Product(s): Jazz for Service Management
Version(s): 1.1.3.10

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6491547
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/204279
