Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by an identity spoofing vulnerability

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by an identity spoofing vulnerability CVE-2026-8644 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by multiple vulnerabilities when using Web Server Plug-ins CVE-2026-8633, CVE-2026-8620 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a denial of service due to Apache Commons FileUpload

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by a denial of service due to Apache Commons FileUpload CVE-2025-48976 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by cross-site scripting

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by cross-site scripting CVE-2025-12635 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

CVE-2025-36249 IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

IBM Jazz for Service Management 安全漏洞

IBM Jazz for Service Management is an integrated service management product from International Business Machines IBM that provides visibility into the service management environment. A security vulnerability exists in IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.25, which stems...

EUVD-2019-13882

Malware in sbrugna...

EUVD-2016-10758

Malware in sbrugna...

EUVD-2021-16305

Malware in sbrugna...

EUVD-2025-27484

Malicious code in bioql PyPI...

EUVD-2024-53875

Malicious code in bioql PyPI...

CVE-2025-36011

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

CVE-2025-36011 IBM Jazz for Service Management information disclosure

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

Security Bulletin: IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Memory Allocation with Excessive Size Value vulnerability

Summary IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Memory Allocation with Excessive Size Value vulnerability CVE-2025-27533 Vulnerability Details CVEID:CVE-2025-27533 DESCRIPTION: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During...

Security Bulletin: IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel

Summary IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel CVE-2021-33813, CVE-2022-23302, CVE-2022-23307, CVE-2023-26464, CVE-2019-0222, CVE-2022-41678, CVE-2018-11775, CVE-2020-11971, CVE-2019-0188, CVE-2017-5643. Vulnerabilit...

CVE-2024-47106

IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system...

CVE-2024-52892 IBM Jazz for Service Management Cross-Site Scripting

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVE-2024-52892 IBM Jazz for Service Management Cross-Site Scripting

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

Security Bulletin: Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class (CVE-2024-47554)

Summary Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class CVE-2024-47554 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...