CVE-2021-29673

Published: Oct 27, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.

Affected (15)

Products: Ibm: Engineering Lifecycle Optimization, Engineering Workflow Management, Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Team Concert

Ibm

6 products

Engineering Lifecycle Optimization

Engineering Workflow Management

Rational Collaborative Lifecycle Management

Rational Doors Next Generation

Rational Engineering Lifecycle Manager

Rational Team Concert

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Ibm Engineering Lifecycle Optimization	Version 7.0.1
Ibm Engineering Lifecycle Optimization	Version 7.0.2
Ibm Engineering Workflow Management	Version 7.0.1
Ibm Engineering Workflow Management	Version 7.0.2
Ibm Rational Collaborative Lifecycle Management	Version 6.0.1
Ibm Rational Collaborative Lifecycle Management	Version 6.0.6
Ibm Rational Doors Next Generation	Version 7.0.1
Ibm Rational Doors Next Generation	Version 7.0.2
Ibm Rational Doors Next Generation	Version 7.0
Ibm Rational Engineering Lifecycle Manager	Version 7.0
Ibm Rational Team Concert	Version 6.0.1
Ibm Rational Team Concert	Version 6.0.6
Ibm Rational Team Concert	Version 7.0.1
Ibm Rational Team Concert	Version 7.0.2
Ibm Rational Team Concert	Version 7.0