CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25052 – IBM Jazz Reporting Service information disclosure
https://notcve.org/view.php?id=CVE-2024-25052
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. IBM Jazz Reporting Service 7.0.3 almacena las credenciales de usuario en texto plano que puede ser leído por un usuario administrador. ID de IBM X-Force: 283363. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283363 https://https://www.ibm.com/support/pages/node/7157232 • CWE-256: Plaintext Storage of a Password •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20535
https://notcve.org/view.php?id=CVE-2021-20535
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198834. IBM Jazz Reporting Service versiones 6.0.6.1, 7.0, 7.0.1 y 7.0.2, es vulnerable a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facilitando otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198834 https://www.ibm.com/support/pages/node/6452323 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4933
https://notcve.org/view.php?id=CVE-2020-4933
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751. IBM Jazz Reporting Service versiones 6.0.6.1, 7.0, 7.0.1 y 7.0.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191751 https://www.ibm.com/support/pages/node/6415911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4718
https://notcve.org/view.php?id=CVE-2020-4718
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731. IBM Jazz Reporting Service versiones 6.0.6, 6.0.6.1, 7.0 y 7.0.1, es vulnerable a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista que podría conllevar a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/187731 https://www.ibm.com/support/pages/node/6370099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4541
https://notcve.org/view.php?id=CVE-2020-4541
IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183039. IBM Jazz Reporting Service versiones 7.0 y 7.0.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/183039 https://www.ibm.com/support/pages/node/6257577 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •