Vulnerabilities > IBM > Jazz FOR Service Management > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-29904 | Cleartext Storage of Sensitive Information vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2021-09-23 | CVE-2021-29905 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. | 5.4 |
| 2021-09-23 | CVE-2021-38877 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.10 IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. | 5.4 |
| 2021-09-23 | CVE-2021-29800 | Cross-site Scripting vulnerability in IBM products IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. | 5.4 |
| 2020-03-23 | CVE-2019-4718 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3.0 IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. | 5.4 |
| 2019-09-05 | CVE-2019-4186 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3 IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. | 6.1 |
| 2019-08-02 | CVE-2019-4275 | Unspecified vulnerability in IBM Jazz for Service Management 1.1.3/1.1.3.1/1.1.3.2 IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service. | 5.5 |
| 2019-07-17 | CVE-2019-4194 | Unspecified vulnerability in IBM Jazz for Service Management 1.1.3.0/1.1.3.1/1.1.3.2 IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. | 4.3 |
| 2019-06-06 | CVE-2019-4201 | Open Redirect vulnerability in IBM Jazz for Service Management IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |