CVE-2021-29844
https://notcve.org/view.php?id=CVE-2021-29844
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facilitar otros ataques • https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 https://www.ibm.com/support/pages/node/6508583 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2020-5004
https://notcve.org/view.php?id=CVE-2020-5004
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957. Los productos de IBM Jazz Foundation son vulnerables al cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario de la web, alterando así la funcionalidad prevista y llevando potencialmente a la divulgación de credenciales dentro de una sesión de confianza. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192957 https://www.ibm.com/support/pages/node/6475919 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-4974
https://notcve.org/view.php?id=CVE-2020-4974
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434. Los productos IBM Jazz Foundation son vulnerables a la falsificación de solicitudes del lado del servidor (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría conducir a la enumeración de la red o facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192434 https://www.ibm.com/support/pages/node/6475919 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-20519
https://notcve.org/view.php?id=CVE-2021-20519
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198441 https://www.ibm.com/support/pages/node/6441803 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-4965
https://notcve.org/view.php?id=CVE-2020-4965
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422. Los productos IBM Jazz Team Server utilizan algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 192422 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192422 https://www.ibm.com/support/pages/node/6441803 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •