Vulnerabilities > IBM > Jazz FOR Service Management > 1.1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-28 | CVE-2022-35722 | Cross-site Scripting vulnerability in IBM Jazz for Service Management IBM Jazz for Service Management is vulnerable to stored cross-site scripting. | 5.4 |
| 2019-09-05 | CVE-2019-4186 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3 IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. | 6.1 |
| 2019-08-02 | CVE-2019-4275 | Unspecified vulnerability in IBM Jazz for Service Management 1.1.3/1.1.3.1/1.1.3.2 IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. | 5.5 |
| 2019-07-11 | CVE-2019-4193 | Information Exposure vulnerability in IBM Jazz for Service Management IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. | 7.5 |
| 2019-06-06 | CVE-2019-4201 | Open Redirect vulnerability in IBM Jazz for Service Management IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2017-12-20 | CVE-2017-1746 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3 IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2017-12-20 | CVE-2017-1631 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3 IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2017-02-24 | CVE-2016-9975 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Dashboard Application Services HUB 3.1.2.1/3.1.3 IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2017-02-02 | CVE-2016-5935 | Information Exposure vulnerability in IBM Dashboard Application Services HUB 3.1.3 IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. | 4.3 |