Vulnerabilities > IBM > Jazz FOR Service Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-29833 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. | 5.4 |
| 2021-09-23 | CVE-2021-29904 | Cleartext Storage of Sensitive Information vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2021-09-23 | CVE-2021-29905 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. | 5.4 |
| 2021-09-23 | CVE-2021-38877 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. | 5.4 |
| 2021-09-23 | CVE-2021-29800 | Cross-site Scripting vulnerability in IBM products IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. | 5.4 |
| 2021-09-21 | CVE-2021-29831 | XXE vulnerability in IBM products IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2020-03-23 | CVE-2019-4718 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.0 IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. | 5.4 |
| 2019-09-05 | CVE-2019-4186 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3 IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. | 6.1 |
| 2019-08-02 | CVE-2019-4275 | Unspecified vulnerability in IBM Jazz for Service Management 1.1.3/1.1.3.1/1.1.3.2 IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. | 5.5 |
| 2019-07-17 | CVE-2019-4194 | Unspecified vulnerability in IBM Jazz for Service Management 1.1.3.0/1.1.3.1/1.1.3.2 IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. | 4.3 |