
CVSS: 4.3 | EPSS: 0% | CPEs: 6 | EXPL: 0

IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.

• http://www.ibm.com/support/docview.wss?uid=swg21991154
• http://www.securityfocus.com/bid/94848
• CWE-254: 7PK - Security Features

CVSS: 5.4 | EPSS: 0% | CPEs: 6 | EXPL: 0

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

• http://www.ibm.com/support/docview.wss?uid=swg21991154
• http://www.securityfocus.com/bid/94844
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

• http://www.ibm.com/support/docview.wss?uid=swg21991154
• http://www.securityfocus.com/bid/94843
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

• http://www-01.ibm.com/support/docview.wss?uid=swg21983137
• http://www.securityfocus.com/bid/92463
• CWE-284: Improper Access Control

CVSS: 6.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.

• http://www-01.ibm.com/support/docview.wss?uid=swg21983137
• http://www.securityfocus.com/bid/92466
• CWE-284: Improper Access Control