Vulnerabilities > IBM > Jazz Reporting Service > 6.0.2

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-5898 7PK - Security Features vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization.
network
low complexity
ibm CWE-254
4.3
4.3
2017-02-01 CVE-2016-5897 Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0/6.0.1/6.0.2
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4
5.4
2016-11-25 CVE-2016-0316 Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0/6.0.1/6.0.2
Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
5.4
2016-07-08 CVE-2016-2889 Cross-Site Request Forgery (CSRF) vulnerability in IBM Jazz Reporting Service
Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.
network
low complexity
ibm CWE-352
8.8
8.8