Skip to main content

Jazz Reporting Service CVE-2016-0318

MEDIUM
Improper Access Control (CWE-284)
2016-11-25 psirt@us.ibm.com
5.0
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Nov 25, 2016 - 20:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.

AnalysisAI

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified under CWE-284. Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation. Affected products include: Ibm Jazz Reporting Service. Version information: before 6.0.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-0315 HIGH
8.8 Jul 08

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and

CVE-2016-2889 HIGH
8.8 Jul 08

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Re

CVE-2015-7465 HIGH
8.8 Jan 10

Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0

CVE-2015-7464 HIGH
7.5 Jan 29

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-C

CVE-2016-0319 HIGH
7.5 Nov 25

The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows r

CVE-2015-7470 HIGH
7.5 Jan 17

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-C

CVE-2024-25051 MEDIUM
6.6 Apr 02

IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated p

CVE-2016-0317 MEDIUM
6.5 Nov 25

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to

CVE-2016-0314 MEDIUM
6.5 Jul 08

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and

CVE-2018-1639 MEDIUM
6.5 Nov 16

The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user t

CVE-2020-4541 MEDIUM
6.1 Aug 10

IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this v

CVE-2020-4539 MEDIUM
6.1 Aug 10

IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. Rated medium sev

Share

CVE-2016-0318 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy