Vulnerabilities > IBM > Jazz FOR Service Management > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2023-46186 Unspecified vulnerability in IBM Jazz for Service Management 1.1.3.20
IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls.
network
low complexity
ibm
7.5
2021-09-21 CVE-2021-29831 XXE vulnerability in IBM products
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.1
2019-07-11 CVE-2019-4193 Information Exposure vulnerability in IBM Jazz for Service Management
IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
7.5
2017-12-20 CVE-2017-1746 Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-12-20 CVE-2017-1631 Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz for Service Management 1.1.3
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8