CVE-2021-29820

Name of the Vulnerable Software and Affected Versions IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus GUI version 8.1.0

Description The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. This is due to a cross-site scripting vulnerability.

Recommendations For IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus GUI version 8.1.0, consider disabling JavaScript execution in the Web UI as a temporary workaround until a patch is available. Restrict access to sensitive areas of the Web UI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.