PT-2025-35944 · IBM · IBM Jazz Foundation
Published: 2025-09-04 · Updated: 2025-09-04 · CVE-2024-43184
CVSS v3.1: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Fix
XSS
Affected Products: IBM Jazz Foundation
Severity: Medium (6.1)
Name of the Vulnerable Software and Affected Versions:
IBM Jazz Foundation versions 7.0.2 through 7.0.2 iFix033
IBM Jazz Foundation versions 7.0.3 through 7.0.3 iFix012
IBM Jazz Foundation versions 7.1.0 through 7.1.0 iFix002
Description:
The software is susceptible to cross-site scripting (XSS). This allows an unauthenticated attacker to embed arbitrary JavaScript code into the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session.
Recommendations:
Update IBM Jazz Foundation to a version beyond 7.0.2 iFix033.
Update IBM Jazz Foundation to a version beyond 7.0.3 iFix012.
Update IBM Jazz Foundation to a version beyond 7.1.0 iFix002.