CVE-2021-38876: XSS
First published: Mon Dec 27 2021(Updated: )
IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM i | =7.2 | |
| IBM i | =7.3 | |
| IBM i | =7.4 | |
| <=7.4 | ||
| <=7.3 | ||
| <=7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-38876.
What is the severity level of CVE-2021-38876?
The severity level of CVE-2021-38876 is medium.
Which versions of IBM i are affected by CVE-2021-38876?
IBM i versions 7.2, 7.3, and 7.4 are affected by CVE-2021-38876.
How does CVE-2021-38876 impact the system?
CVE-2021-38876 allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
How can I fix CVE-2021-38876?
To fix CVE-2021-38876, apply the necessary security patches provided by IBM.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm i
- version/ibm i/7.2
- version/ibm i/7.3
- version/ibm i/7.4