Ibm

Jazz Foundation

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-1826

  • EPSS 0.03%
  • Published 07.10.2025 17:50:00
  • Last modified 07.10.2025 18:15:58

IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the hos...

6.5

CVE-2025-25048

  • EPSS 0.03%
  • Published 04.09.2025 15:06:15
  • Last modified 04.09.2025 15:35:29

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted...

6.1

CVE-2024-43184

  • EPSS 0.1%
  • Published 04.09.2025 15:04:57
  • Last modified 04.09.2025 15:35:29

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web U...

9.8

CVE-2025-36157

  • EPSS 0.11%
  • Published 24.08.2025 01:14:41
  • Last modified 25.08.2025 20:24:45

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.

5.4

CVE-2021-29669

  • EPSS 0.2%
  • Published 12.01.2025 02:15:18
  • Last modified 13.03.2025 16:25:10

IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenti...

4.6

CVE-2024-41780

  • EPSS 0.03%
  • Published 03.01.2025 15:15:10
  • Last modified 21.03.2025 15:34:55

IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain sensitive information due to not masking passwords during entry.

4.3

CVE-2024-5591

  • EPSS 0.1%
  • Published 03.01.2025 15:15:10
  • Last modified 21.03.2025 15:35:46

IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

6.1

CVE-2023-45181

  • EPSS 0.06%
  • Published 25.11.2024 16:15:11
  • Last modified 14.01.2025 19:46:20

IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...

5.3

CVE-2023-26280

  • EPSS 0.05%
  • Published 25.11.2024 16:15:06
  • Last modified 16.01.2025 16:13:59

IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.

5.4

CVE-2021-39059

  • EPSS 0.22%
  • Published 11.05.2022 16:15:08
  • Last modified 21.11.2024 06:18:31

IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia...