What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2021-29817.

What is the severity of CVE-2021-29817?

The severity of CVE-2021-29817 is medium with a severity value of 5.4.

What is affected by CVE-2021-29817?

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI versions 8.1.0 are affected by CVE-2021-29817.

How does CVE-2021-29817 affect the software?

CVE-2021-29817 allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.

How can I fix CVE-2021-29817?

To fix CVE-2021-29817, it is recommended to apply the latest security patches provided by IBM.

Where can I find more information about CVE-2021-29817?

You can find more information about CVE-2021-29817 on the IBM X-Force Exchange website (https://exchange.xforce.ibmcloud.com/vulnerabilities/204343) and the IBM support page (https://www.ibm.com/support/pages/node/6490747).

What is the Common Weakness Enumeration (CWE) ID for CVE-2021-29817?

The CWE ID for CVE-2021-29817 is CWE-79 (Cross-Site Scripting).

Vulnerability/
CVE-2021-29817

medium

5.4

CWE

17/9/2021

20/9/2021

16/9/2024

CVE-2021-29817: XSS

Q: What is the title of this vulnerability?

The title of this vulnerability is 'IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting (CVE-2021-29817).'

First published: Fri Sep 17 2021(Updated: )

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204343.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Tivoli Netcool/OMNIbus_GUI	<=8.1.x
Ibm Tivoli Netcool\/omnibus Webgui	>=8.1.0<8.1.0.24

Remedy

https://www.ibm.com/support/pages/node/6490747

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6490747

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-29817.
What is the title of this vulnerability?
The title of this vulnerability is 'IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting (CVE-2021-29817).'
What is the severity of CVE-2021-29817?
The severity of CVE-2021-29817 is medium with a severity value of 5.4.
What is affected by CVE-2021-29817?
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI versions 8.1.0 are affected by CVE-2021-29817.
How does CVE-2021-29817 affect the software?
CVE-2021-29817 allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
How can I fix CVE-2021-29817?
To fix CVE-2021-29817, it is recommended to apply the latest security patches provided by IBM.
Where can I find more information about CVE-2021-29817?
You can find more information about CVE-2021-29817 on the IBM X-Force Exchange website (https://exchange.xforce.ibmcloud.com/vulnerabilities/204343) and the IBM support page (https://www.ibm.com/support/pages/node/6490747).
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-29817?
The CWE ID for CVE-2021-29817 is CWE-79 (Cross-Site Scripting).

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/description
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/remedy
agent/tags
agent/last-modified-date
collector/mitre-cve
source/MITRE
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm tivoli netcool\/omnibus webgui
version/ibm tivoli netcool\/omnibus webgui/8.1.0
canonical/ibm tivoli netcool/omnibus_gui
version/ibm tivoli netcool/omnibus_gui/8.1.x