53 matches found
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by an authentication bypass vulnerability
Summary: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by an authentication bypass vulnerability (CVE-2026-10845). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities
Summary: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities (CVE-2026-8646, CVE-2026-9320, CVE-2026-9071). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by an identity spoofing vulnerability
Summary: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by an identity spoofing vulnerability (CVE-2026-8644). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected Products|...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)
Summary: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a denial of service due to Apache Commons FileUpload
Summary: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by cross-site scripting
Summary: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by cross-site scripting (CVE-2025-12635). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected Products| Versions...
CVE-2025-36249 IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
IBM Jazz for Service Management security vulnerability
IBM Jazz for Service Management is an integrated service management product from International Business Machines (IBM) that provides visibility into the service management environment. A security vulnerability exists in IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.25, which stems...
EUVD-2021-16305
Malware in sbrugna...
EUVD-2016-10758
Malware in sbrugna...
EUVD-2019-13882
Malware in sbrugna...
EUVD-2024-53875
Malicious code in bioql PyPI...
EUVD-2025-27484
Malicious code in bioql PyPI...
CVE-2025-36011
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
CVE-2025-36011 IBM Jazz for Service Management information disclosure
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
Security Bulletin: IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Memory Allocation with Excessive Size Value vulnerability
Summary: IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Memory Allocation with Excessive Size Value vulnerability (CVE-2025-27533). Vulnerability Details: CVEID: CVE-2025-27533 DESCRIPTION: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During...
Security Bulletin: IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel
Summary: IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel (CVE-2021-33813, CVE-2022-23302, CVE-2022-23307, CVE-2023-26464, CVE-2019-0222, CVE-2022-41678, CVE-2018-11775, CVE-2020-11971, CVE-2019-0188, CVE-2017-5643). Vulnerabilit...
CVE-2024-47106
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system...
CVE-2024-52892 IBM Jazz for Service Management Cross-Site Scripting
IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...