2 matches found
Security Bulletin: Multiple security vulnerabilities affect the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2016-0316, CVE-2016-0317, CVE-2016-0318, CVE-2016-0319)
Summary There are multiple security vulnerabilities in the Lifecycle Query Engine LQE shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2016-0316 DESCRIPTION: IBM Jazz Reporting Service is vulnerable to cross-site scripting, caused by improper validation of user-supplied input...
CVE-2016-0319
CVE-2016-0319 affects IBM Jazz Reporting Service (LQE) bundled with Jazz Reporting Service versions 6.0 and 6.0.1. The issue arises in the XML parser when processing XML data: an external entity declaration together with an entity reference enables a local authenticated administrator to read arbi...