CVE-2021-29788: XSS

Q: What is the vulnerability ID for IBM Engineering Requirements Quality Assistant?

The vulnerability ID for IBM Engineering Requirements Quality Assistant is CVE-2021-29788.

Q: What is the severity of CVE-2021-29788?

The severity of CVE-2021-29788 is medium with a severity value of 5.4.

Q: What is the impact of CVE-2021-29788?

CVE-2021-29788 allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted environment.

Q: How can I fix CVE-2021-29788?

To fix CVE-2021-29788, it is recommended to update to a patched version or apply the necessary security updates provided by IBM.

Published Jul 7, 2022

Updated

IBM Engineering Requirements Quality Assistant is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Other sources

IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310.

Affected Software

2 affected components

IBM Engineering Requirements Quality Assistant On-Premises<=All

IBM Engineering Requirements Quality Assistant On-Premises

Event History

Jul 7, 2022

CVE Published

via IBM·12:00 AM

Jul 18, 2022

CVE Published

via MITRE·05:00 PM

Data Sourced

via MITRE·05:00 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-6604005

Frequently Asked Questions

What is the vulnerability ID for IBM Engineering Requirements Quality Assistant?

The vulnerability ID for IBM Engineering Requirements Quality Assistant is CVE-2021-29788.

What is the severity of CVE-2021-29788?

The severity of CVE-2021-29788 is medium with a severity value of 5.4.

What is affected by CVE-2021-29788?

IBM Engineering Requirements Quality Assistant On-Premises (All versions) is affected by CVE-2021-29788.

What is the impact of CVE-2021-29788?