Ibm

Jazz Foundation

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-1826

  • EPSS 0.03%
  • Veröffentlicht 07.10.2025 17:50:00
  • Zuletzt bearbeitet 08.10.2025 19:38:09

IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the hos...

6.5

CVE-2025-25048

  • EPSS 0.03%
  • Veröffentlicht 04.09.2025 15:06:15
  • Zuletzt bearbeitet 04.09.2025 15:35:29

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted...

6.1

CVE-2024-43184

  • EPSS 0.1%
  • Veröffentlicht 04.09.2025 15:04:57
  • Zuletzt bearbeitet 04.09.2025 15:35:29

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web U...

9.8

CVE-2025-36157

  • EPSS 0.11%
  • Veröffentlicht 24.08.2025 01:14:41
  • Zuletzt bearbeitet 25.08.2025 20:24:45

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.

5.4

CVE-2021-29669

  • EPSS 0.2%
  • Veröffentlicht 12.01.2025 02:15:18
  • Zuletzt bearbeitet 13.03.2025 16:25:10

IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenti...

4.6

CVE-2024-41780

  • EPSS 0.03%
  • Veröffentlicht 03.01.2025 15:15:10
  • Zuletzt bearbeitet 21.03.2025 15:34:55

IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain sensitive information due to not masking passwords during entry.

4.3

CVE-2024-5591

  • EPSS 0.1%
  • Veröffentlicht 03.01.2025 15:15:10
  • Zuletzt bearbeitet 21.03.2025 15:35:46

IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

6.1

CVE-2023-45181

  • EPSS 0.06%
  • Veröffentlicht 25.11.2024 16:15:11
  • Zuletzt bearbeitet 14.01.2025 19:46:20

IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...

5.3

CVE-2023-26280

  • EPSS 0.05%
  • Veröffentlicht 25.11.2024 16:15:06
  • Zuletzt bearbeitet 16.01.2025 16:13:59

IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.

5.4

CVE-2021-39059

  • EPSS 0.22%
  • Veröffentlicht 11.05.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:31

IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia...