Lucene search

IBME04B3F4AFA442ABBE75178323985FAE09F0103280D7157981064B5910C43C6C2

HistoryNov 21, 2022 - 8:45 p.m.

Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2022-35722)

2022-11-2120:45:43

www.ibm.com

ibm jazz for service management

stored cross-site scripting

cve-2022-35722

credentials disclosure

vulnerability

fix

version 1.1.3

javascript code

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

19.6%

JSON

Summary

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability can exploit or hijack authenticated users sessions.

Vulnerability Details

CVEID:CVE-2022-35722
**DESCRIPTION:**IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231381 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Jazz for Service Management	1.1.3

Remediation/Fixes

Affected JazzSM Version	Recommended Fix.
Jazz for Service Management versions 1.1.3.*

1. Install JazzSM 1.1.3.16

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmjazz_for_service_managementMatch1.1.3

CPENameOperatorVersion
jazz for service managementeq1.1.3

CPE	Name	Operator	Version
	jazz for service management	eq	1.1.3