Jazz Reporting Service@5.0.1 Security Vulnerabilities and Issues — Jazz Reporting Service@5.0.1 CVE List

Lucene search

IbmJazz Reporting Service5.0.1

24 matches found

CVE•added 2018/04/25 1:29 p.m.•48 views

CVE-2017-1750

IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se...

5.4CVSS5.2AI score0.00237EPSS

CVE•added 2016/07/08 1:59 a.m.•45 views

CVE-2016-0313

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulner...

5.4CVSS5AI score0.00213EPSS

CVE•added 2017/02/01 8:59 p.m.•44 views

CVE-2016-6054

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.2AI score0.00227EPSS

CVE•added 2017/02/01 8:59 p.m.•42 views

CVE-2016-5899

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.2AI score0.00227EPSS

CVE•added 2017/02/01 8:59 p.m.•41 views

CVE-2016-5898

IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.

4.3CVSS4.7AI score0.00136EPSS

CVE•added 2017/07/05 6:29 p.m.•41 views

CVE-2017-1096

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 12065...

5.4CVSS5.2AI score0.00269EPSS

CVE•added 2016/01/17 5:59 a.m.•40 views

CVE-2015-7468

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors.

4.3CVSS5.2AI score0.00118EPSS

CVE•added 2016/01/17 5:59 a.m.•40 views

CVE-2015-7470

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information.

7.5CVSS7.1AI score0.00234EPSS

CVE•added 2016/07/08 1:59 a.m.•38 views

CVE-2016-0350

5.4CVSS5AI score0.00213EPSS

CVE•added 2017/07/05 6:29 p.m.•38 views

CVE-2016-9988

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.2AI score0.00269EPSS

CVE•added 2018/04/25 1:29 p.m.•38 views

CVE-2018-1363

5.4CVSS5.2AI score0.00237EPSS

CVE•added 2017/07/05 6:29 p.m.•37 views

CVE-2016-9986

5.4CVSS5.2AI score0.00269EPSS

CVE•added 2018/11/16 4:0 p.m.•37 views

CVE-2018-1639

The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579.

6.5CVSS6AI score0.00162EPSS

CVE•added 2016/07/08 1:59 a.m.•36 views

CVE-2016-0314

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors.

6.5CVSS6.9AI score0.0015EPSS

CVE•added 2017/07/05 6:29 p.m.•36 views

CVE-2016-9987

5.4CVSS5.2AI score0.00269EPSS

CVE•added 2017/07/05 6:29 p.m.•36 views

CVE-2016-9989

5.4CVSS5.2AI score0.00269EPSS

CVE•added 2016/01/17 5:59 a.m.•35 views

CVE-2015-7469

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role.

4.3CVSS5.3AI score0.00118EPSS

CVE•added 2016/07/08 1:59 a.m.•35 views

CVE-2016-0315

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.

8.8CVSS8.2AI score0.0047EPSS

CVE•added 2016/07/08 1:59 a.m.•35 views

CVE-2016-2888

5.4CVSS5AI score0.00213EPSS

CVE•added 2017/07/05 6:29 p.m.•35 views

CVE-2017-1157

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788.

4.3CVSS4.6AI score0.00212EPSS

CVE•added 2017/07/31 9:29 p.m.•35 views

CVE-2017-1370

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.

4.9CVSS4.9AI score0.00258EPSS

CVE•added 2016/07/08 1:59 a.m.•34 views

CVE-2016-2889

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbi...

8.8CVSS8.5AI score0.00105EPSS

CVE•added 2016/01/29 11:59 a.m.•30 views

CVE-2015-7464

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builder instance URL.

7.5CVSS7.2AI score0.00869EPSS

CVE•added 2016/01/17 5:59 a.m.•30 views

CVE-2015-7467

Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS5.5AI score0.00168EPSS