Vulnerabilities > IBM > Jazz FOR Service Management > 1.1.3

DATE CVE VULNERABILITY TITLE RISK
2022-09-28 CVE-2022-35722 Cross-site Scripting vulnerability in IBM Jazz for Service Management
IBM Jazz for Service Management is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2022-09-23 CVE-2022-35721 Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3
IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2019-09-05 CVE-2019-4186 Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3
IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching.
network
low complexity
ibm CWE-79
6.1
6.1
2019-08-02 CVE-2019-4275 Unspecified vulnerability in IBM Jazz for Service Management 1.1.3/1.1.3.1/1.1.3.2
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service.
local
low complexity
ibm
5.5
5.5
2019-07-11 CVE-2019-4193 Information Exposure vulnerability in IBM Jazz for Service Management
IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
7.5
7.5
2019-06-06 CVE-2019-4201 Open Redirect vulnerability in IBM Jazz for Service Management
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
6.1
2017-12-20 CVE-2017-1746 Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
8.8
2017-12-20 CVE-2017-1631 Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
8.8