Skip to main content

Jazz For Service Management

25 CVEs product

Monthly

CVE-2025-36011 MEDIUM Monitor

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz For Service Management
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-52892 MEDIUM This Month

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-47106 MEDIUM This Month

IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Path Traversal Jazz For Service Management
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-35722 MEDIUM PATCH This Month

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35721 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38877 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29905 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29904 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Jazz For Service Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29833 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29832 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29816 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-29815 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29814 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29813 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29812 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29810 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29800 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29831 HIGH PATCH This Week

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Jazz For Service Management Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2019-4186 MEDIUM This Month

IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Jazz For Service Management
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-4275 MEDIUM This Month

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Jazz For Service Management
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-4194 MEDIUM This Month

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz For Service Management
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-4193 HIGH PATCH This Week

IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz For Service Management
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-4201 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Jazz For Service Management
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2017-1746 HIGH PATCH This Week

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-1631 HIGH PATCH This Week

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
CVSS 3.0
8.8
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz For Service Management
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Path Traversal +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management +1
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Jazz For Service Management +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Jazz For Service Management
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Jazz For Service Management
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz For Service Management
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz For Service Management
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Jazz For Service Management
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Jazz For Service Management
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy