CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4275
https://notcve.org/view.php?id=CVE-2019-4275
02 Aug 2019 — IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296. Jazz for Service Management de IBM versiones 1.1.3, 1.1.3.1 y 1.1.3.2, podría permitir a un usuario local no autorizado crear nombres de catálogo únicos que podrían causar una denegación de servicio. ID de IBM X-Force: 160296. • http://www.ibm.com/support/docview.wss?uid=ibm10959011 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4194
https://notcve.org/view.php?id=CVE-2019-4194
17 Jul 2019 — IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. IBM X-Force ID: 159033. IBM Jazz for Service Management versiones 1.1.3, 1.1.3.1, y 1.1.3.2 falta el control de acceso a nivel de función que podría permitir a un usuario eliminar recursos autorizados. ID de IBM X-Force: 159033. • http://www.ibm.com/support/docview.wss?uid=ibm10885989 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4193
https://notcve.org/view.php?id=CVE-2019-4193
11 Jul 2019 — IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force ID: 159032. Jazz for Service Management versiones 1.1.3 y 1.1.3.2 de IBM, almacena información confidencial en parámetros URL. Esto podría conllevar a la divulgación de información si terceros no autorizados presentan acceso a las URL por medio de los registros... • http://www.ibm.com/support/docview.wss?uid=ibm10885985 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4201
https://notcve.org/view.php?id=CVE-2019-4201
06 Jun 2019 — IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122. IBM Ja... • https://exchange.xforce.ibmcloud.com/vulnerabilities/159122 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1746
https://notcve.org/view.php?id=CVE-2017-1746
20 Dec 2017 — IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519. IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web... • http://www.ibm.com/support/docview.wss?uid=swg22011308 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1631
https://notcve.org/view.php?id=CVE-2017-1631
20 Dec 2017 — IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web... • http://www.ibm.com/support/docview.wss?uid=swg22011307 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-9975
https://notcve.org/view.php?id=CVE-2016-9975
24 Feb 2017 — IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. IBM Jazz for Service Management 1.1.2.1 y 1.1.3 es vulnerable a CSRF, lo que puede permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. Referencia de IBM: 1998714. • http://www.ibm.com/support/docview.wss?uid=swg21998714 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5935
https://notcve.org/view.php?id=CVE-2016-5935
02 Feb 2017 — IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Jazz for Service Management podría permitir a un atacante remoto obtener información sensible, provocado por el fallo de validar correctamente el certificado SSL. Un atacante podría explotar esta vulnerabilidad para obtener información ... • http://www.ibm.com/support/docview.wss?uid=swg21997711 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •