CVE-2018-1639

CWE-200 — Information Exposure3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 62.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Jazz Reporting Service

Timeline

PublishedNov 16

Latest updateMay 13

Description

The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/jazz_reporting_service5.0 — 5.0.2+2

▶CVEListV5ibm/jazz_reporting_service10 versions+9

🔴Vulnerability Details

GHSA

GHSA-68pg-xqhr-rqwp: The Report Builder of Jazz Reporting Service 5↗2022-05-13

▶

CVEList

CVE-2018-1639: The Report Builder of Jazz Reporting Service 5↗2018-11-16

▶