CVE-2015-7466Injection in IBM Jazz Reporting Service

CWE-74Injection3 documents3 sources
Severity
3.1LOWNVD
EPSS
0.2%
top 59.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Jazz Reporting Service
Timeline
PublishedJan 10
Latest updateMay 17

Description

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8w4x-qvff-phv6: Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 62022-05-17
CVEList
CVE-2015-7466: Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 62016-01-10
CVE-2015-7466 — Injection in IBM Jazz Reporting Service | cvebase