Metrics
Affected Vendors & Products
Solution
IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below: IBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2.Optionally, upgrade to the latest 7.1.0 version and apply below fix. Affected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install iFix034 https://www.ibm.com/support/fixcentral/swg/downloadFixes or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install iFix013 https://www.ibm.com/support/fixcentral/swg/downloadFixes or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install iFix003 https://www.ibm.com/support/fixcentral/swg/downloadFixes or later
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7244013 |
![]() ![]() |
Thu, 04 Sep 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 04 Sep 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |
Title | IBM Jazz Foundation cross-site scripting | |
First Time appeared |
Ibm
Ibm jazz Foundation |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:* |
|
Vendors & Products |
Ibm
Ibm jazz Foundation |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-09-04T17:39:41.359Z
Reserved: 2024-08-07T13:29:34.028Z
Link: CVE-2024-43184

Updated: 2025-09-04T17:39:38.955Z

Status : Awaiting Analysis
Published: 2025-09-04T15:15:45.200
Modified: 2025-09-04T15:35:29.497
Link: CVE-2024-43184

No data.

No data.