CNVD-2021-88188

Vulnerability from cnvd - Published: 2021-11-16
Title
IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2021-88188)
Description
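IBM Jazz Team Server is an application server from IBM, a US company. It provides the foundational services that enable a group of tools to work together as a single logical server, and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists in IBM Jazz Team Server, caused by the product's failure to effectively validate user-supplied input. An attacker can exploit this vulnerability to cause credential disclosure.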
Severity
Patch Name
Patch for IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2021-88188)
Patch Description
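IBM Jazz Team Server is an application server from IBM, a US company. It provides the foundational services that enable a group of tools to work together as a single logical server, and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists in IBM Jazz Team Server, caused by the product's failure to effectively validate user-supplied input. An attacker can exploit this vulnerability to cause credential disclosure. The vendor has now released a security advisory and related patch information that fix this vulnerability.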
Formal description

The vendor has released a fix for this vulnerability; please watch for updates: https://exchange.xforce.ibmcloud.com/vulnerabilities/200967

Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-29713
Impacted products
Name
  • IBM IBM Rational Team Concert 6.0.2
  • IBM IBM Rational Team Concert 6.0.6
  • IBM IBM Rational Team Concert 6.0.6.1
  • IBM IBM Rational DOORS Next Generation 6.0.6
  • IBM IBM Rational DOORS Next Generation 6.0.6.1
  • IBM IBM Rational DOORS Next Generation 7.0
  • IBM IBM Rational DOORS Next Generation 7.0.1
  • IBM IBM Rational DOORS Next Generation 7.0.2
  • IBM IBM Rational Collaborative Lifecycle Management 6.0.6
  • IBM IBM Rational Collaborative Lifecycle Management 6.0.6.1
  • IBM IBM Engineering Workflow Management 7.0
  • IBM IBM Engineering Lifecycle Optimization 7.0.1
  • IBM IBM Engineering Lifecycle Optimization 7.0.2
  • IBM IBM Rational Engineering Lifecycle Manager 7.0
  • IBM IBM Rational Engineering Lifecycle Manager 7.0.1
  • IBM IBM Rational Engineering Lifecycle Manager 7.0.2

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-29713",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-29713"
    }
  },
  "description": "IBM Jazz Team Server\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u670d\u52a1\u5668\u3002\u63d0\u4f9b\u4e86\u57fa\u7840\u670d\u52a1\uff0c\u8fd9\u4e9b\u670d\u52a1\u4f7f\u4e00\u7ec4\u5de5\u5177\u53ef\u4ee5\u4f5c\u4e3a\u5355\u4e2a\u903b\u8f91\u670d\u52a1\u5668\u4e00\u8d77\u5de5\u4f5c\uff0c\u5e76\u4e14\u5305\u62ec\u63d0\u4f9b\u5de5\u5177\u7279\u5b9a\u529f\u80fd\u7684\u4efb\u610f\u6570\u91cf\u7684Jazz Team Server Extensions\u3002\n\nIBM Jazz Team Server\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u672a\u5bf9\u7528\u6237\u8f93\u5165\u6570\u636e\u505a\u6709\u6548\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u51ed\u8bc1\u6cc4\u6f0f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0:\r\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/200967",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-88188",
  "openTime": "2021-11-16",
  "patchDescription": "IBM Jazz Team Server\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u670d\u52a1\u5668\u3002\u63d0\u4f9b\u4e86\u57fa\u7840\u670d\u52a1\uff0c\u8fd9\u4e9b\u670d\u52a1\u4f7f\u4e00\u7ec4\u5de5\u5177\u53ef\u4ee5\u4f5c\u4e3a\u5355\u4e2a\u903b\u8f91\u670d\u52a1\u5668\u4e00\u8d77\u5de5\u4f5c\uff0c\u5e76\u4e14\u5305\u62ec\u63d0\u4f9b\u5de5\u5177\u7279\u5b9a\u529f\u80fd\u7684\u4efb\u610f\u6570\u91cf\u7684Jazz Team Server Extensions\u3002\r\n\r\nIBM Jazz Team Server\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u672a\u5bf9\u7528\u6237\u8f93\u5165\u6570\u636e\u505a\u6709\u6548\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u51ed\u8bc1\u6cc4\u6f0f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Jazz Team Server\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-88188\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM IBM Rational Team Concert 6.0.2",
      "IBM IBM Rational Team Concert 6.0.6",
      "IBM IBM Rational Team Concert 6.0.6.1",
      "IBM IBM Rational DOORS Next Generation 6.0.6",
      "IBM IBM Rational DOORS Next Generation 6.0.6.1",
      "IBM IBM Rational DOORS Next Generation 7.0",
      "IBM IBM Rational DOORS Next Generation 7.0.1",
      "IBM IBM Rational DOORS Next Generation 7.0.2",
      "IBM IBM Rational Collaborative Lifecycle Management 6.0.6",
      "IBM IBM Rational Collaborative Lifecycle Management 6.0.6.1",
      "IBM IBM Engineering Workflow Management 7.0",
      "IBM IBM Engineering Lifecycle Optimization 7.0.1",
      "IBM IBM Engineering Lifecycle Optimization 7.0.2",
      "IBM IBM Rational Engineering Lifecycle Manager 7.0",
      "IBM IBM Rational Engineering Lifecycle Manager 7.0.1",
      "IBM IBM Rational Engineering Lifecycle Manager 7.0.2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-29713",
  "serverity": "\u4f4e",
  "submitTime": "2021-10-29",
  "title": "IBM Jazz Team Server\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-88188\uff09"
}

