3 matches found
Cross site scripting
IBM Jazz Reporting Service JRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
Security Bulletin: Security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2019-0232)
Summary Jazz Team Server is shipped as a component of Jazz Reporting Service JRS. Information about a security vulnerability affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. Vulnerability Details CVEID: CVE-2019-0232 DESCRIPTION: Apache Tomcat could...
CVE-2015-7465
CVE-2015-7465 concerns the Lifecycle Query Engine (LQE) within IBM Jazz Reporting Service (JRS). A CSRF vulnerability affects JRS 6.0 prior to 6.0.0-Rational-CLM-ifix005, enabling remote authenticated users to hijack the authentication of arbitrary users via requests that insert XSS sequences. Th...