Skip to main content

Jazz Reporting Service

47 CVEs product

Monthly

CVE-2024-25051 MEDIUM This Month

IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Jazz Reporting Service
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-25052 MEDIUM This Month

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-20535 MEDIUM This Month

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-4718 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4541 MEDIUM PATCH This Month

IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4539 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4533 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4419 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4497 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4495 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4494 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4184 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-4047 MEDIUM This Month

IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Jazz Reporting Service
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2018-1639 MEDIUM This Month

The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-1363 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2017-1340 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2017-1490 MEDIUM PATCH This Month

An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-1370 MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
4.9
EPSS
0.3%
CVE-2017-1157 MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1096 MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9989 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9988 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9987 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9986 MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-6054 MEDIUM PATCH This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6047 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6039 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5899 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5898 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-5897 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0319 HIGH PATCH This Week

The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service XXE Authentication Bypass Jazz Reporting Service
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-0318 MEDIUM PATCH This Month

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

IBM Authentication Bypass Jazz Reporting Service
NVD
CVSS 3.0
5.0
EPSS
0.4%
CVE-2016-0317 MEDIUM PATCH This Month

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Jazz Reporting Service
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-0316 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2889 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Jazz Reporting Service
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-2888 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0350 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0315 HIGH This Week

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Jazz Reporting Service
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-0314 MEDIUM This Month

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-0313 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-7464 HIGH PATCH This Week

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Jazz Reporting Service
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-7470 HIGH PATCH This Week

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz Reporting Service
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-7469 MEDIUM PATCH This Month

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Jazz Reporting Service
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2015-7468 MEDIUM PATCH This Month

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Jazz Reporting Service
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2015-7467 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-7466 LOW Monitor

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Jazz Reporting Service
NVD
CVSS 3.0
3.1
EPSS
0.2%
CVE-2015-7465 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF Jazz Reporting Service
NVD
CVSS 3.0
8.8
EPSS
0.1%
EPSS 0% CVSS 6.6
MEDIUM This Month

IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Jazz Reporting Service
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Jazz Reporting Service
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service XXE +2
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

IBM Authentication Bypass Jazz Reporting Service
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Jazz Reporting Service
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Jazz Reporting Service
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Jazz Reporting Service
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Jazz Reporting Service
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Jazz Reporting Service
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Jazz Reporting Service
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Jazz Reporting Service
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Jazz Reporting Service
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Jazz Reporting Service
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Jazz Reporting Service
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy