69 matches found
jrs-unna.de Improper Access Control vulnerability OBB-3768385
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects Engineering Lifecycle Management and IBM Engineering products
Summary: There is a high risk Remote Attack Vulnerability in Apache Log4j (CVE-2021-44228), which is used by IBM Jazz Team Server, affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Workflow Management (EWM), IBM Engineering Systems...
CVE-2019-4651
IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection, allowing a remote attacker to view, add, modify, or delete data in the back-end database. The issue affects the Report Builder shipped with JRS. IBM’s security bulletin recommends applying the interim fix 6.0.6.1‑Rational-CL...
CVE-2019-4651
IBM Jazz Reporting Service JRS 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962...
CVE-2019-4497
IBM Jazz Reporting Service JRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
Cross site scripting
IBM Jazz Reporting Service JRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2019-4497
CVE-2019-4497 affects IBM Jazz Reporting Service (JRS) versions 6.0–6.0.6.1. The vulnerability is a cross-site scripting flaw that lets attackers inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. The issue is documented across mul...
CVE-2019-4495
IBM Jazz Reporting Service (JRS) versions 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6 and 6.0.6.1 are affected by a cross-site scripting (XSS) vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Th...
CVE-2019-4494
CVE-2019-4494 affects IBM Jazz Reporting Service (JRS) versions 6.0 through 6.0.6.1, where the web UI is vulnerable to cross-site scripting that can embed arbitrary JavaScript and potentially disclose credentials in a trusted session. The IBM Security Bulletin lists affected versions and provides...
Security Bulletin: Security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2019-2816)
Summary: Jazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about a security vulnerability affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2019-2816. DESCRIPTION: An unspecified...
Security Bulletin: Security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2019-0221)
Summary: Jazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about a security vulnerability affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2019-0221. DESCRIPTION: Apache Tomcat is...
Security Bulletin: Security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2019-0232)
Summary: Jazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about a security vulnerability affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2019-0232. DESCRIPTION: Apache Tomcat could...
Information disclosure
IBM Jazz Reporting Service JRS 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243...
CVE-2018-2004
IBM Jazz Reporting Service JRS 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2019-4047
IBM Jazz Reporting Service JRS 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243...
Cross site scripting
IBM Jazz Reporting Service JRS 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2018-2004
CVE-2018-2004 affects IBM Jazz Reporting Service (JRS) versions 6.0–6.0.6. It is a cross-site scripting vulnerability that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The issue is documented with an IBM X-Force ID of...
CVE-2019-4047
CVE-2019-4047 affects IBM Jazz Reporting Service (JRS) 6.0.6. The Lifecycle Query Engine vulnerability could allow an authenticated user to access execution log files as a guest user, thereby obtaining server execution information. Root cause details are not explicitly broken out in the provided ...