Vulnerabilities > IBM > Jazz FOR Service Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-29905 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. | 3.5 |
| 2021-09-23 | CVE-2021-38877 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. | 3.5 |
| 2021-09-23 | CVE-2021-29800 | Cross-site Scripting vulnerability in IBM products IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. | 3.5 |
| 2021-09-21 | CVE-2021-29831 | XXE vulnerability in IBM products IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2020-03-23 | CVE-2019-4718 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.0 IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. | 3.5 |
| 2019-09-05 | CVE-2019-4186 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3 IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. | 6.1 |
| 2019-08-02 | CVE-2019-4275 | Unspecified vulnerability in IBM Jazz for Service Management 1.1.3/1.1.3.1/1.1.3.2 IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. | 5.5 |
| 2019-07-17 | CVE-2019-4194 | Unspecified vulnerability in IBM Jazz for Service Management 1.1.3.0/1.1.3.1/1.1.3.2 IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. | 4.3 |
| 2019-07-11 | CVE-2019-4193 | Information Exposure vulnerability in IBM Jazz for Service Management IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. | 7.5 |
| 2019-06-06 | CVE-2019-4201 | Open Redirect vulnerability in IBM Jazz for Service Management IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |