CVE-2025-23227

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.1 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7181334	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

15 Aug 2025, 12:46

Type	Values Removed	Values Added
Summary		(es) IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 a 7.3.0.11 es vulnerable a Cross-Site Scripting Almacenado. Esta vulnerabilidad permite a los usuarios autenticados incorporar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista y pudiendo provocar la divulgación de credenciales dentro de una sesión de confianza.
First Time		Ibm aix Ibm tivoli Application Dependency Discovery Manager Linux Microsoft Ibm Microsoft windows Linux linux Kernel
CPE		cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:::::::: cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
References	~~() https://www.ibm.com/support/pages/node/7181334 -~~	() https://www.ibm.com/support/pages/node/7181334 - Vendor Advisory

23 Jan 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-23 18:15

Updated : 2025-08-15 12:46

NVD link : CVE-2025-23227

Mitre link : CVE-2025-23227

CVE.ORG link : CVE-2025-23227

JSON object : View

Products Affected

ibm

tivoli_application_dependency_discovery_manager
aix

microsoft

windows

linux

linux_kernel

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-23227", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-01-23T18:15:33.440", "references": [{"url": "https://www.ibm.com/support/pages/node/7181334", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."}, {"lang": "es", "value": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 a 7.3.0.11 es vulnerable a Cross-Site Scripting Almacenado. Esta vulnerabilidad permite a los usuarios autenticados incorporar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."}], "lastModified": "2025-08-15T12:46:20.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A2EF77C-1EA7-4869-9B8E-EAF1A0E5D130", "versionEndIncluding": "7.3.0.11", "versionStartIncluding": "7.3.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}