Jermaine Ellis

**Name of the Vulnerable Software and Affected Versions** IBM Spectrum Symphony version 7.2.0.2 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** For IBM Spectrum Symphony version 7.2.0.2, consider disabling the Web UI functionality until a patch is available to prevent potential cross-site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** IBM Platform Symphony versions 7.1 Fix Pack 1 through 7.1.1 IBM Spectrum Symphony versions 7.1.2 through 7.2.0.2 **Description** The issue is an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. **Recommendations** For IBM Platform Symphony versions 7.1 Fix Pack 1 through 7.1.1, update to a version that contains the fix for this issue. For IBM Spectrum Symphony versions 7.1.2 through 7.2.0.2, update to a version that contains the fix for this issue.