CVE-2021-29701
https://notcve.org/view.php?id=CVE-2021-29701
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657. IBM Engineering Workflow Management versiones 7.0, 7.0.1 y 7.0.2, así como IBM Rational Team Concert versiones 6.0.6 y 6.0.6.1, podrían permitir a un atacante autenticado conseguir información confidencial de las definiciones de compilación que podría ayudar a realizar más ataques contra el sistema. X-Force ID: 200657 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200657 https://www.ibm.com/support/pages/node/6539546 •
CVE-2021-29844
https://notcve.org/view.php?id=CVE-2021-29844
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facilitar otros ataques • https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 https://www.ibm.com/support/pages/node/6508583 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-29786
https://notcve.org/view.php?id=CVE-2021-29786
IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172. Los productos IBM Jazz Team Server almacenan las credenciales de usuario en texto sin cifrar que puede leer un usuario autenticado. IBM X-Force ID: 203172 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203172 https://www.ibm.com/support/pages/node/6508583 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2021-29774
https://notcve.org/view.php?id=CVE-2021-29774
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. Los productos IBM Jazz Team Server podrían permitir a un usuario autenticado alcanzar privilegios elevados bajo determinadas configuraciones. IBM X-Force ID: 203025 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203025 https://www.ibm.com/support/pages/node/6508583 •
CVE-2020-5004
https://notcve.org/view.php?id=CVE-2020-5004
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957. Los productos de IBM Jazz Foundation son vulnerables al cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario de la web, alterando así la funcionalidad prevista y llevando potencialmente a la divulgación de credenciales dentro de una sesión de confianza. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192957 https://www.ibm.com/support/pages/node/6475919 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •