CVE-2016-0317Improper Access Control in IBM Jazz Reporting Service

CWE-284Improper Access Control3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 56.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Jazz Reporting Service
Timeline
PublishedNov 25
Latest updateMay 17

Description

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDibm/jazz_reporting_service6.0, 6.0.1+1

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-hc5j-hx4c-4gvf: Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 62022-05-17
CVEList
CVE-2016-0317: Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 62016-11-25
CVE-2016-0317 — Improper Access Control in IBM | cvebase