Security Bulletin: Multiple security vulnerabilities have been identified in components shipped with Tivoli Netcool/OMNIbus WebGUI

Summary

IBM Jazz for Service Management (JazzSM) and Websphere Application Server (WAS) are shipped as components of Tivoli Netcool/OMNIbus WebGUI. Information about the security vulnerabilities affecting JazzSM and WAS have been published in multiple security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Remediation/Fixes

Please consult the listed security bulletins for vulnerability details and information about the fixes:

• IBM Jazz for Service Management is vulnerable to cross-site request forgery (CVE-2021-29816)
• IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29800)
• IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29815)
• IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29810)
• IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29812)
• IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29832)
• IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29833)
• IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29813)
• IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29814)
• WebSphere Application Server is vulnerable to Information Disclosure (CVE-2021-29842)

Workarounds and Mitigations

None