CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29816
https://notcve.org/view.php?id=CVE-2021-29816
23 Sep 2021 — IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341. IBM Jazz for Service Management versión 1.1.3.10 e IBM Tivoli Netcool/OMNIbus_GUI es vulnerable a un ataque de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/204341 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29815
https://notcve.org/view.php?id=CVE-2021-29815
23 Sep 2021 — IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204340. IBM Jazz for Service Management versión 1.1.3.10 e IBM Tivoli Netcool/OMNIbus_GUI, son vulnerables a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/204340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29814
https://notcve.org/view.php?id=CVE-2021-29814
23 Sep 2021 — IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204334. IBM Jazz for Service Management versión 1.1.3.10 e IBM Tivoli Netcool/OMNIbus_GUI, son vulnerables a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/204334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29813
https://notcve.org/view.php?id=CVE-2021-29813
23 Sep 2021 — IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204331. IBM Jazz for Service Management versión 1.1.3.10 e IBM Tivoli Netcool/OMNIbus_GUI, son vulnerables a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/204331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29812
https://notcve.org/view.php?id=CVE-2021-29812
23 Sep 2021 — IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204330. IBM Jazz for Service Management versión 1.1.3.10 e IBM Tivoli Netcool/OMNIbus_GUI, son vulnerables a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/204330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29810
https://notcve.org/view.php?id=CVE-2021-29810
23 Sep 2021 — IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204279. IBM Jazz for Service Management versión 1.1.3.10 e IBM Tivoli Netcool/OMNIbus_GUI, son vulnerables a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/204279 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29800
https://notcve.org/view.php?id=CVE-2021-29800
23 Sep 2021 — IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Tivoli Netcool/OMNIbus_GUI e IBM Jazz for Service Management versión 1.1.3.10, son vulnerables a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios inser... • https://exchange.xforce.ibmcloud.com/vulnerabilities/203906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29831
https://notcve.org/view.php?id=CVE-2021-29831
21 Sep 2021 — IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775. IBM Jazz for Service Management versión 1.1.3.10 e IBM Tivoli Netcool/OMNIbus_GUI son vulnerables a un ataque de tipo XML External Entity Injection (XXE) cuando son procesados datos XML. Un atacante remoto podrí... • https://exchange.xforce.ibmcloud.com/vulnerabilities/204775 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4718
https://notcve.org/view.php?id=CVE-2019-4718
23 Mar 2020 — IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123. IBM Jazz for Service Management versión 3.13, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterand... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172123 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4186
https://notcve.org/view.php?id=CVE-2019-4186
05 Sep 2019 — IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976. Jazz for Service Management de IBM versión 1.1.3 es ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/158976 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •