CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-29844
https://notcve.org/view.php?id=CVE-2021-29844
27 Oct 2021 — IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facili... • https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2021-29786
https://notcve.org/view.php?id=CVE-2021-29786
27 Oct 2021 — IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172. Los productos IBM Jazz Team Server almacenan las credenciales de usuario en texto sin cifrar que puede leer un usuario autenticado. IBM X-Force ID: 203172 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203172 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-29774
https://notcve.org/view.php?id=CVE-2021-29774
27 Oct 2021 — IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. Los productos IBM Jazz Team Server podrían permitir a un usuario autenticado alcanzar privilegios elevados bajo determinadas configuraciones. IBM X-Force ID: 203025 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203025 •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2021-29673
https://notcve.org/view.php?id=CVE-2021-29673
27 Oct 2021 — IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcio... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 38EXPL: 0CVE-2021-20519
https://notcve.org/view.php?id=CVE-2021-20519
12 Apr 2021 — IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcio... • https://exchange.xforce.ibmcloud.com/vulnerabilities/198441 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2020-4965
https://notcve.org/view.php?id=CVE-2020-4965
12 Apr 2021 — IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422. Los productos IBM Jazz Team Server utilizan algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 192422 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192422 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2020-4964
https://notcve.org/view.php?id=CVE-2020-4964
12 Apr 2021 — IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419. Los productos de IBM Jazz Team Server contienen una vulnerabilidad no revelada que podría permitir a un usuario autenticado presentar un mensaje personalizado en la aplicación que podría ser usado para hacer un ataque de phishing a otros usuarios. IBM X-Force ID: 192419 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192419 •
CVSS: 6.4EPSS: 0%CPEs: 38EXPL: 0CVE-2020-4920
https://notcve.org/view.php?id=CVE-2020-4920
12 Apr 2021 — IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alter... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 23EXPL: 0CVE-2021-20351
https://notcve.org/view.php?id=CVE-2021-20351
04 Mar 2021 — IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708. Los productos de IBM Engineering son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la func... • https://exchange.xforce.ibmcloud.com/vulnerabilities/194708 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 23EXPL: 0CVE-2021-20350
https://notcve.org/view.php?id=CVE-2021-20350
04 Mar 2021 — IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707. Los productos de IBM Engineering son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la func... • https://exchange.xforce.ibmcloud.com/vulnerabilities/194707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •