CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Feb 2025 — IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182508 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jan 2025 — IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7178507 • CWE-552: Files or Directories Accessible to External Parties

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Feb 2024 — IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929. • https://exchange.xforce.ibmcloud.com/vulnerabilities/269929 • CWE-425: Direct Request ('Forced Browsing')