RSS   Vulnerabilities for 'Jazz reporting service'   RSS

2019-05-29
 
CVE-2019-4184

CWE-79
 

 
IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158974.

 
2019-04-29
 
CVE-2019-4047

CWE-200
 

 
IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243.

 
 
CVE-2018-2004

CWE-79
 

 
IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155006.

 
2018-11-16
 
CVE-2018-1639

CWE-200
 

 
The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579.

 
2018-04-25
 
CVE-2018-1363

CWE-79
 

 
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137448.

 
 
CVE-2017-1750

CWE-79
 

 
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135523.

 
2017-11-01
 
CVE-2017-1340

CWE-200
 

 
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.

 
2017-09-14
 
CVE-2017-1490

 

 
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.

 
2017-07-31
 
CVE-2017-1370

 

 
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.

 
2017-07-05
 
CVE-2017-1157

 

 
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788.

 


Copyright 2019, cxsecurity.com

 

Back to Top