VYPR

Jazz Foundation

by IBM

CVEs (76)

  • CVE-2016-9707HigMar 31, 2017
    risk 0.53cvss 8.1epss 0.02

    IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM…

  • CVE-2017-1762MedMar 23, 2018
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2017-1655MedMar 23, 2018
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2017-1629MedMar 23, 2018
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2017-1653MedJan 26, 2018
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2017-1164MedOct 25, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036.

  • CVE-2016-9973MedJun 13, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.

  • CVE-2016-8968MedFeb 15, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515.

  • CVE-2016-6061MedFeb 1, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6054MedFeb 1, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6030MedFeb 1, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-6040MedFeb 1, 2017
    risk 0.33cvss 5.0epss 0.01

    IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.

  • CVE-2018-1492MedJul 10, 2018
    risk 0.28cvss 4.3epss 0.00

    IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.

  • CVE-2018-1423MedJul 10, 2018
    risk 0.28cvss 4.3epss 0.01

    IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.

  • CVE-2017-1509MedJul 6, 2018
    risk 0.28cvss 4.3epss 0.01

    IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.

  • CVE-2017-1524MedMar 23, 2018
    risk 0.28cvss 4.3epss 0.02

    IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970.

  • CVE-2017-1507MedDec 11, 2017
    risk 0.28cvss 4.3epss 0.01

    IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.

  • CVE-2017-1570MedNov 27, 2017
    risk 0.28cvss 4.3epss 0.01

    IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.

  • CVE-2017-1241MedOct 25, 2017
    risk 0.28cvss 4.3epss 0.01

    An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523.

  • CVE-2016-9700MedJul 5, 2017
    risk 0.28cvss 4.3epss 0.01

    IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.

Page 1 of 4