Ibm

Jazz For Service Management

27 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-36011

  • EPSS 0.01%
  • Published 09.09.2025 19:32:16
  • Last modified 03.10.2025 19:04:22

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a si...

6.1

CVE-2024-52892

  • EPSS 0.24%
  • Published 06.02.2025 20:15:39
  • Last modified 12.08.2025 18:45:25

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...

7.5

CVE-2024-47106

  • EPSS 0.08%
  • Published 18.01.2025 16:15:37
  • Last modified 08.08.2025 02:09:59

IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system.

7.5

CVE-2023-46186

  • EPSS 0.09%
  • Published 14.02.2024 15:15:08
  • Last modified 21.11.2024 08:28:02

IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929.

5.4

CVE-2022-35722

  • EPSS 0.09%
  • Published 28.09.2022 16:15:11
  • Last modified 20.05.2025 21:15:22

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

5.4

CVE-2022-35721

  • EPSS 0.15%
  • Published 23.09.2022 18:15:10
  • Last modified 22.05.2025 19:15:34

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...

5.4

CVE-2021-29814

  • EPSS 0.2%
  • Published 23.09.2021 18:15:11
  • Last modified 21.11.2024 06:01:51

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent...

5.4

CVE-2021-38877

  • EPSS 0.2%
  • Published 23.09.2021 18:15:11
  • Last modified 21.11.2024 06:18:08

IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...

5.4

CVE-2021-29905

  • EPSS 0.21%
  • Published 23.09.2021 18:15:11
  • Last modified 21.11.2024 06:01:58

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l...

5.5

CVE-2021-29904

  • EPSS 0.02%
  • Published 23.09.2021 18:15:11
  • Last modified 21.11.2024 06:01:58

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.