IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Fixes

Solution

IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below: IBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2.Optionally, upgrade to the latest 7.1.0 version and apply below fix. Affected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install iFix034 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install iFix013 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install iFix003 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or later


Workaround

No workaround given by the vendor.

History

Thu, 04 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 04 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
Description IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Title IBM Jazz Foundation cross-site scripting
First Time appeared Ibm
Ibm jazz Foundation
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*
Vendors & Products Ibm
Ibm jazz Foundation
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-09-04T17:39:41.359Z

Reserved: 2024-08-07T13:29:34.028Z

Link: CVE-2024-43184

cve-icon Vulnrichment

Updated: 2025-09-04T17:39:38.955Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-04T15:15:45.200

Modified: 2025-09-04T15:35:29.497

Link: CVE-2024-43184

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.