Vulnerabilities > IBM > Jazz Team Server > 6.0.6.1

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2021-20355 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
5.3
5.3
2022-06-24 CVE-2021-20421 Server-Side Request Forgery (SSRF) vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
4.0
4.0
2022-06-24 CVE-2021-20543 Cross-site Scripting vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4
5.4
2022-06-24 CVE-2021-20544 Server-Side Request Forgery (SSRF) vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
4.0
4.0
2022-06-24 CVE-2021-20551 Exposure of Resource to Wrong Sphere vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-668
2.1
2.1
2022-06-24 CVE-2021-29865 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim.
network
ibm CWE-1021
4.9
4.9
2022-06-24 CVE-2021-38871 Cross-site Scripting vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2022-06-24 CVE-2021-38879 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
5.3
5.3
2022-05-20 CVE-2021-39043 Cross-site Scripting vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting.
network
ibm CWE-79
3.5
3.5