
CVE-2016-5898
https://notcve.org/view.php?id=CVE-2016-5898
01 Feb 2017 — IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information. • http://www.ibm.com/support/docview.wss?uid=swg21991154 • CWE-254: 7PK - Security Features

CVE-2016-5899
https://notcve.org/view.php?id=CVE-2016-5899
01 Feb 2017 — IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • http://www.ibm.com/support/docview.wss?uid=swg21991154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-6054
https://notcve.org/view.php?id=CVE-2016-6054
01 Feb 2017 — IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • http://www.ibm.com/support/docview.wss?uid=swg21991154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-2888
https://notcve.org/view.php?id=CVE-2016-2888
08 Jul 2016 — Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350. • http://www-01.ibm.com/support/docview.wss?uid=swg21983147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-2889
https://notcve.org/view.php?id=CVE-2016-2889
08 Jul 2016 — Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users. • http://www-01.ibm.com/support/docview.wss?uid=swg21983147 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2016-0313
https://notcve.org/view.php?id=CVE-2016-0313
08 Jul 2016 — Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0350. • http://www-01.ibm.com/support/docview.wss?uid=swg21983147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-0314
https://notcve.org/view.php?id=CVE-2016-0314
08 Jul 2016 — The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21983147

CVE-2016-0315
https://notcve.org/view.php?id=CVE-2016-0315
08 Jul 2016 — The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation. • http://www-01.ibm.com/support/docview.wss?uid=swg21983147 • CWE-284: Improper Access Control

CVE-2016-0350
https://notcve.org/view.php?id=CVE-2016-0350
08 Jul 2016 — Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313. • http://www-01.ibm.com/support/docview.wss?uid=swg21983147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-7464
https://notcve.org/view.php?id=CVE-2015-7464
29 Jan 2016 — Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builder instance URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21972485