Ibm

Jazz Reporting Service

55 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2025-2134

  • EPSS -
  • Veröffentlicht 04.02.2026 21:15:57
  • Zuletzt bearbeitet 04.02.2026 21:15:57

IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling.

3.5

CVE-2025-27550

  • EPSS -
  • Veröffentlicht 04.02.2026 21:15:57
  • Zuletzt bearbeitet 04.02.2026 21:15:57

IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server.

3.5

CVE-2025-1823

  • EPSS -
  • Veröffentlicht 04.02.2026 21:15:57
  • Zuletzt bearbeitet 04.02.2026 21:15:57

IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources.

7.2

CVE-2024-25051

  • EPSS 0.16%
  • Veröffentlicht 02.04.2025 15:15:56
  • Zuletzt bearbeitet 14.07.2025 18:34:13

IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system.

4.4

CVE-2024-25052

  • EPSS 0.04%
  • Veröffentlicht 13.06.2024 14:15:11
  • Zuletzt bearbeitet 21.11.2024 09:00:10

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.

5.5

CVE-2021-20535

  • EPSS 0.09%
  • Veröffentlicht 13.05.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 05:46:44

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facil...

5.4

CVE-2020-4933

  • EPSS 0.19%
  • Veröffentlicht 18.02.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:33:26

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenti...

5.4

CVE-2020-4718

  • EPSS 0.17%
  • Veröffentlicht 19.11.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:33:10

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to c...

6.1

CVE-2020-4541

  • EPSS 0.19%
  • Veröffentlicht 10.08.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:32:52

IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi...

6.1

CVE-2020-4539

  • EPSS 0.19%
  • Veröffentlicht 10.08.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:32:52

IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to c...