Jazz Reporting Service Security Vulnerabilities and Issues — Jazz Reporting Service CVE List

Lucene search

IbmJazz Reporting Service

17 matches found

CVE•added 2016/01/10 3:59 a.m.•149 views

CVE-2015-7465

Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

8.8CVSS8.3AI score0.00105EPSS

CVE•added 2016/11/25 8:59 p.m.•47 views

CVE-2016-0317

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

6.5CVSS6.4AI score0.00212EPSS

CVE•added 2016/07/08 1:59 a.m.•45 views

CVE-2016-0313

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulner...

5.4CVSS5AI score0.00213EPSS

CVE•added 2016/01/17 5:59 a.m.•40 views

CVE-2015-7468

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors.

4.3CVSS5.2AI score0.00118EPSS

CVE•added 2016/01/17 5:59 a.m.•40 views

CVE-2015-7470

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information.

7.5CVSS7.1AI score0.00234EPSS

CVE•added 2016/11/25 8:59 p.m.•38 views

CVE-2016-0316

Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS5.3AI score0.00168EPSS

CVE•added 2016/07/08 1:59 a.m.•38 views

CVE-2016-0350

5.4CVSS5AI score0.00213EPSS

CVE•added 2016/01/10 3:59 a.m.•36 views

CVE-2015-7466

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors.

4CVSS3.9AI score0.00188EPSS

CVE•added 2016/07/08 1:59 a.m.•36 views

CVE-2016-0314

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors.

6.5CVSS6.9AI score0.0015EPSS

CVE•added 2016/01/17 5:59 a.m.•35 views

CVE-2015-7469

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role.

4.3CVSS5.3AI score0.00118EPSS

CVE•added 2016/07/08 1:59 a.m.•35 views

CVE-2016-0315

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.

8.8CVSS8.2AI score0.0047EPSS

CVE•added 2016/11/25 8:59 p.m.•35 views

CVE-2016-0319

The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity...

7.5CVSS7.2AI score0.00547EPSS

CVE•added 2016/07/08 1:59 a.m.•35 views

CVE-2016-2888

5.4CVSS5AI score0.00213EPSS

CVE•added 2016/07/08 1:59 a.m.•34 views

CVE-2016-2889

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbi...

8.8CVSS8.5AI score0.00105EPSS

CVE•added 2016/01/29 11:59 a.m.•30 views

CVE-2015-7464

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builder instance URL.

7.5CVSS7.2AI score0.00869EPSS

CVE•added 2016/01/17 5:59 a.m.•30 views

CVE-2015-7467

Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS5.5AI score0.00168EPSS

CVE•added 2016/11/25 8:59 p.m.•29 views

CVE-2016-0318

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.

6CVSS5.6AI score0.0036EPSS