4 matches found
CVE-2023-26280
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...
CVE-2023-26280 IBM Jazz Foundation improper access control
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...
CVE-2023-26280 IBM Jazz Foundation improper access control
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in User Dashboards
Summary A vulnerability was reported in dashboard during pen testing. User's dashboard could be changed with a PUT request which did not check the user's identity, and this request enabled a user to change any dashboard the user has read access to. This bulletin contains information regarding the...