22 matches found
CVE-2020-4697
CVE-2020-4697 is a cross-site scripting vulnerability in IBM Jazz Foundation and related IBM Engineering products (notably IBM Engineering Workflow Management). The Web UI can be affected by an attacker embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted...
CVE-2020-4544
IBM CVE-2020-4544 describes an information-disclosure vulnerability in IBM Jazz Foundation where a remote attacker could obtain sensitive data from detailed technical error messages returned by the browser. The issue affects IBM Jazz Foundation products within the IBM Engineering Lifecycle Manage...
CVE-2020-4733
The CVE-2020-4733 entry corresponds to a cross-site scripting vulnerability in IBM Jazz Foundation/Engineering products (IBM Engineering Test Management and related Web UI components). The IBM Security Bulletin lists affected products and versions, noting that an attacker could embed arbitrary Ja...
CVE-2020-4487
Summary: The CVE-2020-4487 issue affects IBM Jazz Foundation and related IBM Engineering Lifecycle Management products (e.g., ELM, DOORS Next, ENI, EWM, RTC, RMM, RDM, RQM, ELN) where a remote attacker could obtain sensitive information from a detailed technical error message returned by a browse...
CVE-2020-4691
CVE-2020-4691 is an XSS vulnerability in IBM Jazz Foundation products (and related IBM Engineering Workflow Management components) where an attacker could embed arbitrary JavaScript in the Web UI, potentially exposing credentials in a trusted session. The connected IBM security bulletin lists aff...
CVE-2021-20506
CVE-2021-20506 concerns IBM Jazz Foundation products (notably IBM Engineering Workflow Management, IBM Engineering Lifecycle Optimization – Engineering Insights, IBM Engineering Requirements Quality Assistant On-Premises, among others) suffering from cross-site scripting in the Web UI that could ...
CVE-2021-20447
CVE-2021-20447 affects IBM Jazz Foundation products with a cross-site scripting (XSS) vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially lead to credentials disclosure within a trusted session. Connected sources confirm affected components such as IBM Engine...
CVE-2021-20518
The CVE-2021-20518 issue affects IBM Jazz Foundation products (EWM, RTC, RELM, ENI, and IBM Engineering Requirements Quality Assistant On-Premises). It is described as a cross-site scripting vulnerability allowing an attacker to embed arbitrary JavaScript in the Web UI, with potential credential ...
CVE-2021-20520
CVE-2021-20520 is an IBM Jazz Foundation cross-site scripting (XSS) vulnerability affecting IBM Jazz Team Server based applications. The issue allows an attacker to inject arbitrary JavaScript into the Web UI, potentially exposing credentials within a trusted session. Affected products/versions i...
CVE-2021-20357
CVE-2021-20357 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and, in a trusted session, potentially disclose credentials. Connected sources corroborate a Web UI XSS across multiple IBM Jazz/F...
CVE-2021-20352
Summary (CVE-2021-20352) : IBM Jazz Foundation products are vulnerable to cross-site scripting that can let an attacker embed arbitrary JavaScript in the Web UI, potentially disclosing credentials within a trusted session. The vulnerability affects multiple IBM Jazz-related products/versions, inc...
CVE-2021-20504
CVE-2021-20504 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. Affected products/versions include IBM Engineering Workflow Management (EWM) 7.0, 7.0.1, 7.0.2; IBM Engineering Lifecycle Opt...
CVE-2021-20519
CVE-2021-20519 affects IBM Jazz Team Server products with a cross-site scripting flaw in the Web UI that can allow attackers to embed arbitrary JavaScript and potentially disclose credentials in a trusted session. Public details consistently describe the impact as UI manipulation and credential e...
CVE-2021-20502
IBM Jazz Foundation Products are affected by an XML External Entity (XXE) vulnerability in XML processing (CVE-2021-20502). Impact could include exposure of sensitive data or memory/resource exhaustion. Affected offerings include EWM, RTC, RELM, ENI, and IBM Engineering Requirements Quality Assis...
CVE-2020-4865
CVE-2020-4865 is a cross-site scripting vulnerability in IBM Jazz Foundation products (notably IBM Engineering Workflow Management and related IBM Jazz Team Server components) where attackers could inject arbitrary JavaScript into the Web UI, potentially leaking credentials within a trusted sessi...
CVE-2021-20503
CVE-2021-20503 concerns IBM Jazz Foundation products and is described as a cross-site scripting vulnerability that could allow an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The initial and linked records indicate a...
CVE-2020-4920
CVE-2020-4920 affects IBM Jazz Team Server. Public details in connected CNVD/NVD entries describe a stored cross-site scripting vulnerability in the Jazz Team Server Web UI that can lead to credential disclosure within a trusted session. Remediation in the IBM bulletin section recommends upgradin...
CVE-2020-4965
CVE-2020-4965 affects IBM Jazz Team Server / Jazz Foundation (IBM Engineering Lifecycle Management). The vulnerability stems from weaker-than-expected cryptographic algorithms that could allow decrypting highly sensitive information. Public scoring varies: CVSSv3.1 base 7.5 (Network, High impact ...
CVE-2020-4855
The CVE-2020-4855 issue affects IBM Jazz Foundation products and is a cross-site scripting vulnerability in the Web UI that could enable an attacker to inject arbitrary JavaScript and potentially disclose credentials in a trusted session. Affected components include IBM Jazz Team Server family (E...
CVE-2020-4524
CVE-2020-4524 concerns an IBM Jazz Foundation cross-site scripting vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. The issue affects IBM Jazz Foundation family products (and related IBM ELM/RTC/RM components)...
CVE-2020-4964
CVE-2020-4964 affects IBM Jazz Team Server and related IBM Engineering Lifecycle Management components. The vulnerability is described as an undisclosed issue allowing an authenticated user to display a customized message within the application to phish other users. Public details from IBM’s bull...
CVE-2020-4547
IBM Jazz Foundation products are affected by CVE-2020-4547, a remote, click-hijacking vulnerability where誘 users are tricked into visiting a malicious site, enabling an attacker to hijack the victim’s clicking actions and potentially launch further attacks. Affected stack spans IBM Jazz Team Serv...