Ibm Jazz_for_service_management
30 CVEs affecting Ibm Jazz_for_service_management. Latest disclosed: 2025-10-31. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-1746 | High | 8.8 | 2017-12-20 | IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious an… |
CVE-2017-1631 | High | 8.8 | 2017-12-20 | IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious an… |
CVE-2016-9975 | High | 8.8 | 2017-02-24 | IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthoriz… |
CVE-2021-29831 | High | 8.1 | 2021-09-21 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML… |
CVE-2019-4193 | High | 7.5 | 2019-07-11 | IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parti… |
CVE-2021-29816 | Medium | 6.5 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execut… |
CVE-2024-52892 | Medium | 6.1 | 2025-02-06 | IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed ar… |
CVE-2019-4186 | Medium | 6.1 | 2019-09-05 | IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a sp… |
CVE-2019-4201 | Medium | 6.1 | 2019-06-06 | IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persua… |
CVE-2016-5935 | Medium | 5.9 | 2017-02-02 | IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate… |
CVE-2021-29904 | Medium | 5.5 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IB… |
CVE-2019-4275 | Medium | 5.5 | 2019-08-02 | IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of… |
CVE-2022-35722 | Medium | 5.4 | 2022-09-28 | IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI… |
CVE-2022-35721 | Medium | 5.4 | 2022-09-23 | IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W… |
CVE-2021-38877 | Medium | 5.4 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in th… |
CVE-2021-29905 | Medium | 5.4 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arb… |
CVE-2021-29833 | Medium | 5.4 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to em… |
CVE-2021-29832 | Medium | 5.4 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to em… |
CVE-2021-29815 | Medium | 5.4 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to em… |
CVE-2021-29814 | Medium | 5.4 | 2021-09-23 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to em… |