CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41785 – IBM Concert cross-site scripting
https://notcve.org/view.php?id=CVE-2024-41785
15 Nov 2024 — IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7173596 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43177 – IBM Concert improper certificate validation
https://notcve.org/view.php?id=CVE-2024-43177
22 Oct 2024 — IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. • https://www.ibm.com/support/pages/node/7173596 • CWE-295: Improper Certificate Validation •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43173 – IBM Concert information disclosure
https://notcve.org/view.php?id=CVE-2024-43173
22 Oct 2024 — IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. • https://www.ibm.com/support/pages/node/7173596 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43180 – IBM Concert information disclosure
https://notcve.org/view.php?id=CVE-2024-43180
13 Sep 2024 — IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://exchange.xforce.ibmcloud.com/vulnerabilities/351213 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-4989
https://notcve.org/view.php?id=CVE-2020-4989
15 Mar 2022 — IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707. IBM Engineering Workflow Management versiones 7.0, 7.0.1 y 7.0.2 e IBM Rational Team Concert 6.0.6 y 6.0.0.1 podrían permitir a un usuario autenticado obtener información confidencial sobre las definiciones de construcción. IBM X-Force ID: 192707 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192707 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-29701
https://notcve.org/view.php?id=CVE-2021-29701
11 Jan 2022 — IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657. IBM Engineering Workflow Management versiones 7.0, 7.0.1 y 7.0.2, así como IBM Rational Team Concert versiones 6.0.6 y 6.0.6.1, podrían permitir a un atacante autenticado conseguir información confidencial de las definiciones de... • https://exchange.xforce.ibmcloud.com/vulnerabilities/200657 •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-29844
https://notcve.org/view.php?id=CVE-2021-29844
27 Oct 2021 — IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facili... • https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2021-29786
https://notcve.org/view.php?id=CVE-2021-29786
27 Oct 2021 — IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172. Los productos IBM Jazz Team Server almacenan las credenciales de usuario en texto sin cifrar que puede leer un usuario autenticado. IBM X-Force ID: 203172 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203172 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-29774
https://notcve.org/view.php?id=CVE-2021-29774
27 Oct 2021 — IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. Los productos IBM Jazz Team Server podrían permitir a un usuario autenticado alcanzar privilegios elevados bajo determinadas configuraciones. IBM X-Force ID: 203025 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203025 •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2021-29713
https://notcve.org/view.php?id=CVE-2021-29713
27 Oct 2021 — IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conll... • https://exchange.xforce.ibmcloud.com/vulnerabilities/200967 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •