Lucene search
+L

367 matches found

NVD
NVD
added 2022/06/24 5:15 p.m.18 views

CVE-2021-20544

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931...

5.4CVSS0.00479EPSS
Exploits0References2
NVD
NVD
added 2022/06/24 5:15 p.m.20 views

CVE-2021-20543

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929...

5.4CVSS0.00605EPSS
Exploits0References2
NVD
NVD
added 2022/06/24 5:15 p.m.25 views

CVE-2021-38879

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057...

5.3CVSS0.01056EPSS
Exploits0References2
OSV
OSV
added 2022/06/24 5:15 p.m.8 views

CVE-2021-38879

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057...

5.3CVSS5.7AI score0.01056EPSS
Exploits0References2
NVD
NVD
added 2022/06/24 5:15 p.m.28 views

CVE-2021-20355

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891...

5.3CVSS0.01056EPSS
Exploits0References2
NVD
NVD
added 2022/06/24 5:15 p.m.20 views

CVE-2021-20421

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS0.00479EPSS
Exploits0References2
OSV
OSV
added 2022/06/24 5:15 p.m.7 views

CVE-2021-20355

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891...

5.3CVSS5.7AI score0.01056EPSS
Exploits0References2
Prion
Prion
added 2022/06/24 5:15 p.m.17 views

Code injection

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149...

2.1CVSS3.3AI score0.00249EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/06/24 5:15 p.m.13 views

Design/Logic Flaw

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch...

4.9CVSS5.4AI score0.00609EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/06/24 5:15 p.m.20 views

Cross site scripting

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

3.5CVSS5.2AI score0.00471EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/06/24 5:15 p.m.26 views

Design/Logic Flaw

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929...

3.5CVSS5.6AI score0.00605EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/06/24 5:15 p.m.25 views

Information disclosure

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057...

5CVSS4.9AI score0.01056EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/06/24 5:15 p.m.28 views

Information disclosure

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891...

5CVSS4.9AI score0.01056EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/06/24 5:15 p.m.18 views

Server side request forgery (ssrf)

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4CVSS4.4AI score0.00479EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/06/24 5:15 p.m.16 views

Server side request forgery (ssrf)

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931...

4CVSS4.4AI score0.00479EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/06/24 4:15 p.m.61 views

CVE-2021-38879

IBM Jazz Team Server versions 6.0.6–7.0.2 are affected by an information disclosure vulnerability due to cookie HTTPOnly flag not being set. The underlying cause is the failure to mark the JSA_CSRF cookie as HttpOnly, allowing a remote attacker to obtain sensitive information from the cookie. Imp...

5.3CVSS4.9AI score0.01056EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/06/24 4:15 p.m.29 views

CVE-2021-38879

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057...

3.7CVSS5.1AI score0.01056EPSS
Exploits0References2
CVE
CVE
added 2022/06/24 4:15 p.m.69 views

CVE-2021-38871

CVE-2021-38871 affects IBM Jazz Team Server (versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2). Root cause: cross-site scripting due to unsafe handling of data in HTTP requests that is reflected in the Web UI, enabling an attacker to embed arbitrary JavaScript and potentially disclose credentials withi...

5.4CVSS5.2AI score0.00471EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/06/24 4:15 p.m.21 views

CVE-2021-38871

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4CVSS5.3AI score0.00471EPSS
Exploits0References2
CVE
CVE
added 2022/06/24 4:15 p.m.58 views

CVE-2021-29865

The CVE-2021-29865 issue affects IBM Jazz Team Server versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2, where lack of proper HTTP headers (X-Frame-Options / Content-Security-Policy) enables clickjacking, allowing a remote attacker to hijack a user’s click actions by convincing the victim to visit a...

5.4CVSS5.4AI score0.00609EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder