28 matches found
CVE-2016-0316
Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
Design/Logic Flaw
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation...
CVE-2016-0317
The CVE-2016-0317 issue affects IBM Jazz Reporting Service’s Lifecycle Query Engine (LQE) shipped with Jazz Reporting Service 6.0 and 6.0.1 (prior to 6.0.1 iFix006). The vulnerability enables remote attackers to hijack click actions (clickjacking) via unspecified vectors. The IBM advisory groups ...
CVE-2016-0318
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation...
IBM Jazz Reporting Service Lifecycle Query Engine Cross-Site Request Forgery Vulnerability
IBM Jazz Reporting Service (JRS) is a suite of applications from IBM (USA) for discovering cross-project reports that can be used in conjunction with IBM Rational CLM's Rational solution for managing all the lifecycles of a development project. CLM users can access JRS-provided reports from a dashboard th...
IBM Jazz Reporting Service Lifecycle Query Engine LDAP Injection Vulnerability
IBM Jazz Reporting Service (JRS) is a suite of applications from IBM (USA) for discovering cross-project reports that can be used in conjunction with IBM Rational CLM's Rational solution for managing all the lifecycles of a development project. CLM users can access JRS-provided reports from a dashboard th...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2015-7465
Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Recent assessments: Assesse...