
CVSS: 5.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

17 Jan 2016 — Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21972485 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

17 Jan 2016 — Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21972485 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

17 Jan 2016 — Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role. • http://www-01.ibm.com/support/docview.wss?uid=swg21972485 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

17 Jan 2016 — Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information. • http://www-01.ibm.com/support/docview.wss?uid=swg21972485 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jan 2016 — Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. • http://www-01.ibm.com/support/docview.wss?uid=swg21972484 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jan 2016 — Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21972484 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')