IBM Jazz Foundation vulnerabilities

12 known vulnerabilities affecting ibm/jazz_foundation.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 11

Vulnerabilities

CVE-2025-15395 | MEDIUM | CVSS 5.4 | v7.0.3, v7.1.0, +2 more | 2026-02-02
CWE-863. IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allow users to view or access/perform actions beyond their expected capability.
cvelistv5, nvd
CVE-2025-1826 | MEDIUM | CVSS 5.4 | v7.0.2, v7.0.3, +4 more | 2025-10-07
CWE-79. IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote
cvelistv5, nvd
CVE-2025-25048 | MEDIUM | CVSS 6.5 | v7.0.2, v7.0.3, +4 more | 2025-09-04
CWE-23. IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.
cvelistv5, nvd
CVE-2024-43184 | MEDIUM | CVSS 6.1 | v7.0.2, v7.0.3, +4 more | 2025-09-04
CWE-79. IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus
cvelistv5, nvd
CVE-2025-36157 | CRITICAL | CVSS 9.1 | v7.0.2, v7.0.3, +1 more | 2025-08-24
CWE-863. IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.
nvd
CVE-2021-29669 | MEDIUM | CVSS 5.4 | v6.0.6, v6.0.6.1, +4 more | 2025-01-12
CWE-79. IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5, nvd
CVE-2024-5591 | MEDIUM | CVSS 4.3 | v7.0.2, v7.0.3, +2 more | 2025-01-03
CWE-209. IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
cvelistv5, nvd
CVE-2024-41780 | MEDIUM | CVSS 4.6 | v7.0.2, v7.0.3, +2 more | 2025-01-03
CWE-359. IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a physical user to obtain sensitive information due to not masking passwords during entry.
cvelistv5, nvd
CVE-2023-45181 | MEDIUM | CVSS 6.1 | fixed in 7.0.3 | v7.0.2 | 2024-11-25
CWE-79. IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5, nvd
CVE-2023-26280 | MEDIUM | CVSS 5.3 | v7.0.2, v7.0.3, +1 more | 2024-11-25
CWE-266. IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.
cvelistv5, nvd
CVE-2021-39059 | MEDIUM | CVSS 5.4 | v6.0.6, v6.0.6.1, +3 more | 2022-05-11
CWE-79. IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619.
nvd
CVE-2019-4457 | MEDIUM | CVSS 6.5 | ≥ 6.0.0, ≤ 6.0.6.1 | 2020-02-19
IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654.
nvd