CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35722
https://notcve.org/view.php?id=CVE-2022-35722
IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381. IBM Jazz for Service Management es vulnerable a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/231381 https://www.ibm.com/support/pages/node/6824117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4275
https://notcve.org/view.php?id=CVE-2019-4275
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. IBM X-Force ID: 160296. Jazz for Service Management de IBM versiones 1.1.3, 1.1.3.1 y 1.1.3.2, podría permitir a un usuario local no autorizado crear nombres de catálogo únicos que podrían causar una denegación de servicio. ID de IBM X-Force: 160296. • http://www.ibm.com/support/docview.wss?uid=ibm10959011 https://exchange.xforce.ibmcloud.com/vulnerabilities/160296 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4194
https://notcve.org/view.php?id=CVE-2019-4194
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. IBM X-Force ID: 159033. IBM Jazz for Service Management versiones 1.1.3, 1.1.3.1, y 1.1.3.2 falta el control de acceso a nivel de función que podría permitir a un usuario eliminar recursos autorizados. ID de IBM X-Force: 159033. • http://www.ibm.com/support/docview.wss?uid=ibm10885989 https://exchange.xforce.ibmcloud.com/vulnerabilities/159033 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4193
https://notcve.org/view.php?id=CVE-2019-4193
IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force ID: 159032. Jazz for Service Management versiones 1.1.3 y 1.1.3.2 de IBM, almacena información confidencial en parámetros URL. Esto podría conllevar a la divulgación de información si terceros no autorizados presentan acceso a las URL por medio de los registros del servidor, el encabezado de referencia o el historico del navegador. • http://www.ibm.com/support/docview.wss?uid=ibm10885985 http://www.securityfocus.com/bid/109144 https://exchange.xforce.ibmcloud.com/vulnerabilities/159032 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4201
https://notcve.org/view.php?id=CVE-2019-4201
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122. IBM Jazz for Service Management versiones 1.1.3, 1.1.3.1 y 1.1.3.2 podría permitir a un atacante remoto dirigir ataques de phishing, usando un ataque de redireccionamiento abierto. • https://exchange.xforce.ibmcloud.com/vulnerabilities/159122 https://www.ibm.com/support/docview.wss?uid=ibm10885592 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •