Lucene search

IbmCVE-2021-38934

HistoryAug 29, 2022 - 9:15 p.m.

CVE-2021-38934

2022-08-2921:15:08

CWE-79

ibm

web.nvd.nist.gov

ibm

engineering test management

cve-2021-38934

nvd

cross-site scripting

vulnerability

credentials disclosure

javascript

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

19.6%

JSON

IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671.

Affected configurations

Nvd

Vulners

Node

ibmengineering_test_managementMatch7.0.0

ibmengineering_test_managementMatch7.0.1

ibmengineering_test_managementMatch7.0.2

ibmrational_quality_managerMatch6.0.6

ibmrational_quality_managerMatch6.0.6.1

VendorProductVersionCPE
ibmengineering_test_management7.0.0cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*
ibmengineering_test_management7.0.1cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*
ibmengineering_test_management7.0.2cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*
ibmrational_quality_manager6.0.6cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*
ibmrational_quality_manager6.0.6.1cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	engineering_test_management	7.0.0	cpe:2.3:a:ibm:engineering_test_management:7.0.0:::::::*
ibm	engineering_test_management	7.0.1	cpe:2.3:a:ibm:engineering_test_management:7.0.1:::::::*
ibm	engineering_test_management	7.0.2	cpe:2.3:a:ibm:engineering_test_management:7.0.2:::::::*
ibm	rational_quality_manager	6.0.6	cpe:2.3:a:ibm:rational_quality_manager:6.0.6:::::::*
ibm	rational_quality_manager	6.0.6.1	cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:::::::*

CNA Affected

[
  {
    "product": "Engineering Test Management",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.1"
      },
      {
        "status": "affected",
        "version": "7.0.2"
      },
      {
        "status": "affected",
        "version": "7.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/210671

www.ibm.com/support/pages/node/6615619

Social References