Ibm

Jazz For Service Management

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-36011

  • EPSS 0.01%
  • Veröffentlicht 09.09.2025 19:32:16
  • Zuletzt bearbeitet 03.10.2025 19:04:22

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a si...

6.1

CVE-2024-52892

  • EPSS 0.24%
  • Veröffentlicht 06.02.2025 20:15:39
  • Zuletzt bearbeitet 12.08.2025 18:45:25

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...

7.5

CVE-2024-47106

  • EPSS 0.08%
  • Veröffentlicht 18.01.2025 16:15:37
  • Zuletzt bearbeitet 08.08.2025 02:09:59

IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system.

7.5

CVE-2023-46186

  • EPSS 0.09%
  • Veröffentlicht 14.02.2024 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:28:02

IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929.

5.4

CVE-2022-35722

  • EPSS 0.09%
  • Veröffentlicht 28.09.2022 16:15:11
  • Zuletzt bearbeitet 20.05.2025 21:15:22

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

5.4

CVE-2022-35721

  • EPSS 0.15%
  • Veröffentlicht 23.09.2022 18:15:10
  • Zuletzt bearbeitet 22.05.2025 19:15:34

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...

5.4

CVE-2021-29814

  • EPSS 0.2%
  • Veröffentlicht 23.09.2021 18:15:11
  • Zuletzt bearbeitet 21.11.2024 06:01:51

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent...

5.4

CVE-2021-38877

  • EPSS 0.2%
  • Veröffentlicht 23.09.2021 18:15:11
  • Zuletzt bearbeitet 21.11.2024 06:18:08

IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...

5.4

CVE-2021-29905

  • EPSS 0.21%
  • Veröffentlicht 23.09.2021 18:15:11
  • Zuletzt bearbeitet 21.11.2024 06:01:58

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l...

5.5

CVE-2021-29904

  • EPSS 0.02%
  • Veröffentlicht 23.09.2021 18:15:11
  • Zuletzt bearbeitet 21.11.2024 06:01:58

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.