Ibm

Jazz Reporting Service

52 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2024-25051

  • EPSS 0.04%
  • Published 02.04.2025 15:15:56
  • Last modified 14.07.2025 18:34:13

IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system.

4.4

CVE-2024-25052

  • EPSS 0.03%
  • Published 13.06.2024 14:15:11
  • Last modified 21.11.2024 09:00:10

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.

5.5

CVE-2021-20535

  • EPSS 0.09%
  • Published 13.05.2021 16:15:07
  • Last modified 21.11.2024 05:46:44

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facil...

5.4

CVE-2020-4933

  • EPSS 0.19%
  • Published 18.02.2021 15:15:13
  • Last modified 21.11.2024 05:33:26

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenti...

5.4

CVE-2020-4718

  • EPSS 0.17%
  • Published 19.11.2020 16:15:11
  • Last modified 21.11.2024 05:33:10

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to c...

6.1

CVE-2020-4541

  • EPSS 0.19%
  • Published 10.08.2020 13:15:11
  • Last modified 21.11.2024 05:32:52

IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi...

6.1

CVE-2020-4539

  • EPSS 0.19%
  • Published 10.08.2020 13:15:11
  • Last modified 21.11.2024 05:32:52

IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to c...

6.1

CVE-2020-4533

  • EPSS 0.19%
  • Published 10.08.2020 13:15:11
  • Last modified 21.11.2024 05:32:51

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...

5.4

CVE-2020-4419

  • EPSS 0.18%
  • Published 28.05.2020 15:15:12
  • Last modified 21.11.2024 05:32:43

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...

9.8

CVE-2019-4651

  • EPSS 0.26%
  • Published 09.01.2020 17:15:12
  • Last modified 21.11.2024 04:43:55

IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID...