26 matches found
EUVD-2021-16305
Malware in sbrugna...
EUVD-2016-10758
Malware in sbrugna...
EUVD-2019-13882
Malware in sbrugna...
EUVD-2024-53875
Malicious code in bioql PyPI...
CVE-2025-36011
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
Security Bulletin: IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Memory Allocation with Excessive Size Value vulnerability
Summary IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Memory Allocation with Excessive Size Value vulnerability CVE-2025-27533 Vulnerability Details CVEID:CVE-2025-27533 DESCRIPTION: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During...
Security Bulletin: IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel
Summary IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel CVE-2021-33813, CVE-2022-23302, CVE-2022-23307, CVE-2023-26464, CVE-2019-0222, CVE-2022-41678, CVE-2018-11775, CVE-2020-11971, CVE-2019-0188, CVE-2017-5643. Vulnerabilit...
CVE-2024-47106
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system...
CVE-2024-52892 IBM Jazz for Service Management Cross-Site Scripting
IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
Security Bulletin: Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class (CVE-2024-47554)
Summary Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class CVE-2024-47554 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw...
CVE-2022-35721
IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Security Bulletin: IBM Jazz for Service Management is vulnerable to an Apache Log4j vulnerability (CVE-2021-44832)
Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-44832. However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are used in the...
CVE-2021-29816
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbusGUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341...
CVE-2021-29815
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbusGUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2021-29833
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbusGUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2021-29904
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbusGUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610...
CVE-2021-29821
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2021-29811
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. IBM X-Force ID: 204329...
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Cross-Site Scripting Vulnerability
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbusGUI is a graphical...