
Rewterz Threat Advisory – Multiple IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-29806, CVE-2021-29807, CVE-2021-29808, CVE-2021-29809, CVE-2021-29817, CVE-2021-29818, CVE-2021-29819, CVE-2021-29820, CVE-2021-29821

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVE-2021-29811

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in clear text, which can be read by an authenticated admin user.

CVE-2021-29856

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user to cause a denial of service through the WebGUI Map Creation page.

Impact

  • Cross-Site Scripting
  • Information Disclosure
  • Denial of Service

Affected Vendors

  • IBM

Affected Products

  • IBM Tivoli Netcool/OMNIbus 8.1.0

Remediation

Refer to the IBM advisory for patch, upgrade, or suggested workaround information.

https://www.ibm.com/support/pages/node/6490747