Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2017-1095)

Summary There is a security vulnerability in the Lifecycle Query Engine LQE shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2017-1095 DESCRIPTION: IBM Jazz Reporting Service JRS is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2017-1094)

Summary There is a security vulnerability in the Lifecycle Query Engine LQE shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2017-1094 DESCRIPTION: IBM Jazz Reporting Service JRS is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when...

Security Bulletin: Multiple security vulnerabilities affect the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2016-5897, CVE-2016-6039)

Summary There are multiple security vulnerabilities in the Lifecycle Query Engine LQE shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2016-5897 DESCRIPTION: IBM Jazz Reporting Service JRS is vulnerable to HTML injection. A remote attacker could inject malicious HTML code,...

CVE-2015-7484

IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619...

Design/Logic Flaw

IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619...

IBM Lifecycle Query Engine of Jazz Reporting Service Information Disclosure Vulnerability

IBM Lifecycle Query Engine of Jazz Reporting Service is a lifecycle query engine for Jazz Reporting Service from IBM, USA. A security vulnerability exists in IBM Lifecycle Query Engine of Jazz Reporting Service versions 6.0 through 6.0.4. An attacker could exploit the vulnerability to obtain...

CVE-2017-1490

An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information...

Information disclosure

An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information...

CVE-2017-1490

An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information...

CVE-2017-1490

An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information...

CVE-2016-0318

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation...

CVE-2016-0318

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation...

CVE-2016-0317

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVE-2016-0316

Cross-site scripting XSS vulnerability in Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

Design/Logic Flaw

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation...

CVE-2016-0317

The CVE-2016-0317 issue affects IBM Jazz Reporting Service’s Lifecycle Query Engine (LQE) shipped with Jazz Reporting Service 6.0 and 6.0.1 (prior to 6.0.1 iFix006). The vulnerability enables remote attackers to hijack click actions (clickjacking) via unspecified vectors. The IBM advisory groups ...

CVE-2016-0318

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation...

IBM Jazz Reporting Service Lifecycle Query Engine LDAP Injection Vulnerability

IBM Jazz Reporting Service JRS is a suite of IBM USA applications for discovering cross-project reports that can be used in conjunction with IBM Rational CLM's Rational solution for managing all the lifecycles of a development project. CLM users can access JRS-provided reports from a dashboard th...

IBM Jazz Reporting Service Lifecycle Query Engine Cross-Site Request Forgery Vulnerability

IBM Jazz Reporting Service JRS is a suite of IBM USA applications for discovering cross-project reports that can be used in conjunction with IBM Rational CLM's Rational solution for managing all the lifecycles of a development project. CLM users can access JRS-provided reports from a dashboard th...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Lifecycle Query Engine LQE in IBM Jazz Reporting Service JRS 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...