Vulnerabilities > IBM > Jazz Reporting Service > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-01 CVE-2019-4494 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-05-29 CVE-2019-4184 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-04-29 CVE-2019-4047 Improper Privilege Management vulnerability in IBM Jazz Reporting Service 6.0.6
IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution.
network
low complexity
ibm CWE-269
4.3
2019-04-29 CVE-2018-2004 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-01-08 CVE-2018-1918 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-11-16 CVE-2018-1639 Information Exposure vulnerability in IBM Jazz Reporting Service
The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges.
network
low complexity
ibm CWE-200
6.5
2018-04-25 CVE-2018-1363 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-04-25 CVE-2017-1750 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-11-01 CVE-2017-1340 Information Exposure vulnerability in IBM Jazz Reporting Service 6.0.4
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with.
network
low complexity
ibm CWE-200
5.0
2017-09-14 CVE-2017-1490 Information Exposure vulnerability in IBM Jazz Reporting Service
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.
network
high complexity
ibm CWE-200
5.3