VYPR

Jazz Reporting Service

by IBM

CVEs (55)

  • CVE-2016-5897MedFeb 1, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

  • CVE-2016-0316MedNov 25, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2016-2888MedJul 8, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted…

  • CVE-2016-0350MedJul 8, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted…

  • CVE-2016-0313MedJul 8, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted…

  • CVE-2015-7467MedJan 17, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2017-1340MedNov 1, 2017
    risk 0.33cvss 5.0epss 0.01

    IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.

  • CVE-2016-0318MedNov 25, 2016
    risk 0.33cvss 5.0epss 0.01

    Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.

  • CVE-2017-1370MedJul 31, 2017
    risk 0.32cvss 4.9epss 0.01

    IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.

  • CVE-2017-1157MedJul 5, 2017
    risk 0.28cvss 4.3epss 0.01

    IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788.

  • CVE-2016-5898MedFeb 1, 2017
    risk 0.28cvss 4.3epss 0.01

    IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.

  • CVE-2015-7469MedJan 17, 2016
    risk 0.28cvss 4.3epss 0.01

    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role.

  • CVE-2015-7468MedJan 17, 2016
    risk 0.28cvss 4.3epss 0.01

    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors.

  • CVE-2015-7466LowJan 10, 2016
    risk 0.20cvss 3.1epss 0.01

    Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors.

  • CVE-2025-2134Feb 4, 2026
    risk 0.00cvss epss 0.00

    IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling.

  • CVE-2025-27550Feb 4, 2026
    risk 0.00cvss epss 0.00

    IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server.

  • CVE-2025-1823Feb 4, 2026
    risk 0.00cvss epss 0.00

    IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources.

  • CVE-2024-25051Apr 2, 2025
    risk 0.00cvss epss 0.00

    IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system.

  • CVE-2024-25052Jun 13, 2024
    risk 0.00cvss epss 0.00

    IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.

  • CVE-2021-20535May 13, 2021
    risk 0.00cvss epss 0.01

    IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM…