Ibm Jazz Team Server vulnerabilities
10 known vulnerabilities affecting ibm/jazz_team_server.
Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM9LOW1
Vulnerabilities
Page 1 of 1
CVE-2021-20421MEDIUMCVSS 4.3v6.0.6v6.0.6.1+3 more2022-06-24
CVE-2021-20421 [MEDIUM] CWE-918 CVE-2021-20421: IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forg
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
cvelistv5nvd
CVE-2021-38879MEDIUMCVSS 5.3v6.0.6v6.0.6.1+3 more2022-06-24
CVE-2021-38879 [MEDIUM] CWE-732 CVE-2021-38879: IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain s
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057.
cvelistv5nvd
CVE-2021-29865MEDIUMCVSS 5.4v6.0.6v6.0.6.1+3 more2022-06-24
CVE-2021-29865 [MEDIUM] CWE-1021 CVE-2021-29865: IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack t
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 20
cvelistv5nvd
CVE-2021-20544MEDIUMCVSS 4.3v6.0.6v6.0.6.1+3 more2022-06-24
CVE-2021-20544 [MEDIUM] CWE-918 CVE-2021-20544: IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forg
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931.
cvelistv5nvd
CVE-2021-20543MEDIUMCVSS 5.4v6.0.6v6.0.6.1+3 more2022-06-24
CVE-2021-20543 [MEDIUM] CWE-79 CVE-2021-20543: IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929.
cvelistv5nvd
CVE-2021-20355MEDIUMCVSS 5.3v6.0.6v6.0.6.1+3 more2022-06-24
CVE-2021-20355 [MEDIUM] CWE-732 CVE-2021-20355: IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain s
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891.
cvelistv5nvd
CVE-2021-38871MEDIUMCVSS 5.4v6.0.6v6.0.6.1+3 more2022-06-24
CVE-2021-38871 [MEDIUM] CWE-79 CVE-2021-38871: IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. Th
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345.
cvelistv5nvd
CVE-2021-20551LOWCVSS 3.3v6.0.6v6.0.6.1+3 more2022-06-24
CVE-2021-20551 [LOW] CWE-668 CVE-2021-20551: IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally whi
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.
cvelistv5nvd
CVE-2021-39043MEDIUMCVSS 5.4v6.0.6v6.0.6.1+3 more2022-05-20
CVE-2021-39043 [MEDIUM] CWE-79 CVE-2021-39043: IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site script
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214032.
cvelistv5nvd
CVE-2021-39059MEDIUMCVSS 5.4v6.0.6v6.0.6.1+3 more2022-05-11
CVE-2021-39059 [MEDIUM] CWE-79 CVE-2021-39059: IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cr
IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619.
cvelistv5nvd