IBM Jazz Reporting Service vulnerabilities

55 known vulnerabilities affecting ibm/jazz_reporting_service.

Total CVEs: 55
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 43, LOW 4

Vulnerabilities

Page 2 of 3
CVE-2018-1639 | MEDIUM | CVSS 6.5 | ≥ 5.0, ≤ 5.0.2; ≥ 6.0, ≤ 6.0.2; +11 more | 2018-11-16
CWE-200: The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579.
Sources: cvelistv5, nvd
CVE-2018-1363 | MEDIUM | CVSS 5.4 | v5.0, v5.0.1, +7 more | 2018-04-25
CWE-79: IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137448.
Sources: cvelistv5, nvd
CVE-2017-1750 | MEDIUM | CVSS 5.4 | v5.0, v5.0.1, +7 more | 2018-04-25
CWE-79: IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135523.
Sources: cvelistv5, nvd
CVE-2017-1340 | MEDIUM | CVSS 5.0 | v6.0.4 | 2017-11-01
CWE-200: IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.
Sources: cvelistv5, nvd
CVE-2017-1490 | MEDIUM | CVSS 5.3 | v6.0, v6.0.1, +3 more | 2017-09-14
CWE-200: An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.
Sources: cvelistv5, nvd
CVE-2017-1370 | MEDIUM | CVSS 4.9 | v5.0, v5.0.1, +6 more | 2017-07-31
CWE-209: IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.
Sources: cvelistv5, nvd
CVE-2016-9987 | MEDIUM | CVSS 5.4 | v5.0, v5.0.1, +5 more | 2017-07-05
CWE-79: IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553.
Sources: cvelistv5, nvd
CVE-2017-1096 | MEDIUM | CVSS 5.4 | v5.0, v5.0.1, +5 more | 2017-07-05
CWE-79: IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656.
Sources: cvelistv5, nvd
CVE-2017-1157 | MEDIUM | CVSS 4.3 | v5.0, v6.0, +5 more | 2017-07-05
CWE-200: IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788.
Sources: cvelistv5, nvd
CVE-2016-9986 | MEDIUM | CVSS 5.4 | v5.0, v5.0.1, +5 more | 2017-07-05
CWE-79: IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552.
Sources: cvelistv5, nvd
CVE-2016-9989 | MEDIUM | CVSS 5.4 | v5.0, v5.0.1, +5 more | 2017-07-05
CWE-79: IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555.
Sources: cvelistv5, nvd
CVE-2016-9988 | MEDIUM | CVSS 5.4 | v5.0, v5.0.1, +5 more | 2017-07-05
CWE-79: IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554.
Sources: cvelistv5, nvd
CVE-2016-5898 | MEDIUM | CVSS 4.3 | v5.0, v5.0.1, +4 more | 2017-02-01
CWE-254: IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.
Source: nvd
CVE-2016-6039 | MEDIUM | CVSS 5.4 | v6.0, v6.0.1, +1 more | 2017-02-01
CWE-79: IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: nvd
CVE-2016-6054 | MEDIUM | CVSS 5.4 | v5.0, v5.0.1, +4 more | 2017-02-01
CWE-79: IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: nvd
CVE-2016-5899 | MEDIUM | CVSS 5.4 | v5.0, v5.0.1, +4 more | 2017-02-01
CWE-79: IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: nvd
CVE-2016-5897 | MEDIUM | CVSS 5.4 | v6.0, v6.0.1, +1 more | 2017-02-01
CWE-79: IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Source: nvd
CVE-2016-6047 | MEDIUM | CVSS 5.4 | v6.0.2 | 2017-02-01
CWE-79: IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: nvd
CVE-2016-0319 | HIGH | CVSS 7.5 | v6.0, v6.0.1 | 2016-11-25
CWE-284: The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issu
Source: nvd
CVE-2016-0316 | MEDIUM | CVSS 5.4 | v6.0, v6.0.1, +1 more | 2016-11-25
CWE-79: Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Source: nvd