cnvd-2021-88188
Vulnerability from cnvd

Title: IBM Jazz Team Server跨站脚本漏洞(CNVD-2021-88188)

Description:

IBM Jazz Team Server是美国IBM公司的一个应用服务器。提供了基础服务,这些服务使一组工具可以作为单个逻辑服务器一起工作,并且包括提供工具特定功能的任意数量的Jazz Team Server Extensions。

IBM Jazz Team Server中存在跨站脚本漏洞,该漏洞源于产品未对用户输入数据做有效验证。攻击者可通过该漏洞导致凭证泄漏。

Severity:

Patch Name: IBM Jazz Team Server跨站脚本漏洞(CNVD-2021-88188)的补丁

Patch Description:

IBM Jazz Team Server是美国IBM公司的一个应用服务器。提供了基础服务,这些服务使一组工具可以作为单个逻辑服务器一起工作,并且包括提供工具特定功能的任意数量的Jazz Team Server Extensions。

IBM Jazz Team Server中存在跨站脚本漏洞,该漏洞源于产品未对用户输入数据做有效验证。攻击者可通过该漏洞导致凭证泄漏。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序,请及时关注更新: https://exchange.xforce.ibmcloud.com/vulnerabilities/200967

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-29713

Impacted products
Name
['IBM IBM Rational Team Concert 6.0.2', 'IBM IBM Rational Team Concert 6.0.6', 'IBM IBM Rational Team Concert 6.0.6.1', 'IBM IBM Rational DOORS Next Generation 6.0.6', 'IBM IBM Rational DOORS Next Generation 6.0.6.1', 'IBM IBM Rational DOORS Next Generation 7.0', 'IBM IBM Rational DOORS Next Generation 7.0.1', 'IBM IBM Rational DOORS Next Generation 7.0.2', 'IBM IBM Rational Collaborative Lifecycle Management 6.0.6', 'IBM IBM Rational Collaborative Lifecycle Management 6.0.6.1', 'IBM IBM Engineering Workflow Management 7.0', 'IBM IBM Engineering Lifecycle Optimization 7.0.1', 'IBM IBM Engineering Lifecycle Optimization 7.0.2', 'IBM IBM Rational Engineering Lifecycle Manager 7.0', 'IBM IBM Rational Engineering Lifecycle Manager 7.0.1', 'IBM IBM Rational Engineering Lifecycle Manager 7.0.2']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-29713",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-29713"
    }
  },
  "description": "IBM Jazz Team Server\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u670d\u52a1\u5668\u3002\u63d0\u4f9b\u4e86\u57fa\u7840\u670d\u52a1\uff0c\u8fd9\u4e9b\u670d\u52a1\u4f7f\u4e00\u7ec4\u5de5\u5177\u53ef\u4ee5\u4f5c\u4e3a\u5355\u4e2a\u903b\u8f91\u670d\u52a1\u5668\u4e00\u8d77\u5de5\u4f5c\uff0c\u5e76\u4e14\u5305\u62ec\u63d0\u4f9b\u5de5\u5177\u7279\u5b9a\u529f\u80fd\u7684\u4efb\u610f\u6570\u91cf\u7684Jazz Team Server Extensions\u3002\n\nIBM Jazz Team Server\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u672a\u5bf9\u7528\u6237\u8f93\u5165\u6570\u636e\u505a\u6709\u6548\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u51ed\u8bc1\u6cc4\u6f0f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0:\r\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/200967",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-88188",
  "openTime": "2021-11-16",
  "patchDescription": "IBM Jazz Team Server\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u670d\u52a1\u5668\u3002\u63d0\u4f9b\u4e86\u57fa\u7840\u670d\u52a1\uff0c\u8fd9\u4e9b\u670d\u52a1\u4f7f\u4e00\u7ec4\u5de5\u5177\u53ef\u4ee5\u4f5c\u4e3a\u5355\u4e2a\u903b\u8f91\u670d\u52a1\u5668\u4e00\u8d77\u5de5\u4f5c\uff0c\u5e76\u4e14\u5305\u62ec\u63d0\u4f9b\u5de5\u5177\u7279\u5b9a\u529f\u80fd\u7684\u4efb\u610f\u6570\u91cf\u7684Jazz Team Server Extensions\u3002\r\n\r\nIBM Jazz Team Server\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u672a\u5bf9\u7528\u6237\u8f93\u5165\u6570\u636e\u505a\u6709\u6548\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u51ed\u8bc1\u6cc4\u6f0f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Jazz Team Server\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-88188\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM IBM Rational Team Concert 6.0.2",
      "IBM IBM Rational Team Concert 6.0.6",
      "IBM IBM Rational Team Concert 6.0.6.1",
      "IBM IBM Rational DOORS Next Generation 6.0.6",
      "IBM IBM Rational DOORS Next Generation 6.0.6.1",
      "IBM IBM Rational DOORS Next Generation 7.0",
      "IBM IBM Rational DOORS Next Generation 7.0.1",
      "IBM IBM Rational DOORS Next Generation 7.0.2",
      "IBM IBM Rational Collaborative Lifecycle Management 6.0.6",
      "IBM IBM Rational Collaborative Lifecycle Management 6.0.6.1",
      "IBM IBM Engineering Workflow Management 7.0",
      "IBM IBM Engineering Lifecycle Optimization 7.0.1",
      "IBM IBM Engineering Lifecycle Optimization 7.0.2",
      "IBM IBM Rational Engineering Lifecycle Manager 7.0",
      "IBM IBM Rational Engineering Lifecycle Manager 7.0.1",
      "IBM IBM Rational Engineering Lifecycle Manager 7.0.2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-29713",
  "serverity": "\u4f4e",
  "submitTime": "2021-10-29",
  "title": "IBM Jazz Team Server\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-88188\uff09"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.