CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5899
https://notcve.org/view.php?id=CVE-2016-5899
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Jazz Reporting Service (JRS) es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21991154 http://www.securityfocus.com/bid/94844 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0317
https://notcve.org/view.php?id=CVE-2016-0317
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Lifecycle Query Engine (LQE) en IBM Jazz Reporting Service 6.0 y 6.0.1 en versiones anteriores a 6.0.1 iFix006 permite a atacantes remotos llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21983137 http://www.securityfocus.com/bid/92463 • CWE-284: Improper Access Control •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0318
https://notcve.org/view.php?id=CVE-2016-0318
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation. Lifecycle Query Engine (LQE) en IBM Jazz Reporting Service 6.0 y 6.0.1 en versiones anteriores a 6.0.1 iFix006 no destruye un ID de sesión en una acción de cierre de sesión, lo que permite a atacantes remotos obtener acceso aprovechando una estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg21983137 http://www.securityfocus.com/bid/92466 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0319
https://notcve.org/view.php?id=CVE-2016-0319
The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. El analizador XML en Lifecycle Query Engine (LQE) en IBM Jazz Reporting Service 6.0 y 6.0.1 en versiones anteriores a 6.0.1 iFix006 permite a administradores remotos autenticados leer archivos arbitrarios o provocar una denegación de servicio a través de un documento XML que contiene una declaración de entidad externa en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21983137 http://www.securityfocus.com/bid/92475 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0316
https://notcve.org/view.php?id=CVE-2016-0316
Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Lifecycle Query Engine (LQE) en IBM Jazz Reporting Service 6.0 y 6.0.1 en versiones anteriores a 6.0.1 iFix006 y 6.0.2 en versiones anteriores a iFix003 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21983137 http://www.securityfocus.com/bid/92472 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •