Filtered by vendor Ibm Subscriptions
Filtered by product Jazz Reporting Service Subscriptions
Total 51 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-25052 1 Ibm 1 Jazz Reporting Service 2024-11-21 4.4 Medium
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.
CVE-2021-20535 1 Ibm 1 Jazz Reporting Service 2024-11-21 5.4 Medium
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198834.
CVE-2020-4933 3 Ibm, Linux, Microsoft 3 Jazz Reporting Service, Linux Kernel, Windows 2024-11-21 5.4 Medium
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751.
CVE-2020-4718 1 Ibm 1 Jazz Reporting Service 2024-11-21 5.4 Medium
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731.
CVE-2020-4541 1 Ibm 1 Jazz Reporting Service 2024-11-21 6.1 Medium
IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183039.
CVE-2020-4539 1 Ibm 1 Jazz Reporting Service 2024-11-21 6.1 Medium
IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2020-4533 1 Ibm 1 Jazz Reporting Service 2024-11-21 6.1 Medium
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182717.
CVE-2020-4419 1 Ibm 1 Jazz Reporting Service 2024-11-21 5.4 Medium
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180071.
CVE-2019-4651 1 Ibm 1 Jazz Reporting Service 2024-11-21 9.8 Critical
IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170962.
CVE-2019-4497 1 Ibm 1 Jazz Reporting Service 2024-11-21 5.4 Medium
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118.
CVE-2019-4495 1 Ibm 1 Jazz Reporting Service 2024-11-21 5.4 Medium
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164116.
CVE-2019-4494 1 Ibm 1 Jazz Reporting Service 2024-11-21 5.4 Medium
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164115.
CVE-2019-4184 1 Ibm 1 Jazz Reporting Service 2024-11-21 N/A
IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158974.
CVE-2019-4047 1 Ibm 1 Jazz Reporting Service 2024-11-21 4.3 Medium
IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243.
CVE-2018-2004 1 Ibm 1 Jazz Reporting Service 2024-11-21 N/A
IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155006.
CVE-2018-1918 1 Ibm 1 Jazz Reporting Service 2024-11-21 N/A
IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152785.
CVE-2018-1639 1 Ibm 1 Jazz Reporting Service 2024-11-21 N/A
The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579.
CVE-2018-1363 1 Ibm 1 Jazz Reporting Service 2024-11-21 N/A
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137448.
CVE-2017-1750 1 Ibm 1 Jazz Reporting Service 2024-11-21 N/A
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135523.
CVE-2017-1490 1 Ibm 1 Jazz Reporting Service 2024-11-21 N/A
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.