CVE-2024-43184

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-43184
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7244013 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:jazz_foundation:7.0.2:-:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix002:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix003:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix004:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix005:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix006:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix007:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix008a:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix009:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix010:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix011:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix012:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix013:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix014:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix016:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix017:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix018:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix020a:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix021:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix022:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix023:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix024:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix025:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix026a:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix027:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix028:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix029:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix030:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix031:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix032:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:-:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix002:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix003:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix004:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix005:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix006:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix007:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix008:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix009:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix010:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix011:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*
History

No history.

Information

Published : 2025-09-04 15:15

Updated : 2026-01-09 02:31

NVD link : CVE-2024-43184

Mitre link : CVE-2024-43184

CVE.ORG link : CVE-2024-43184

JSON object : View

Products Affected

ibm

  • jazz_foundation
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')