Search criteria
33 vulnerabilities found for jazz_foundation by ibm
CVE-2025-1826 (GCVE-0-2025-1826)
Vulnerability from nvd – Published: 2025-10-07 17:50 – Updated: 2025-10-14 18:24
VLAI?
Title
IBM Jazz Foundation cross-site scripting
Summary
IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2 , ≤ 7.0.2 iFix034
(semver)
Affected: 7.0.3 , ≤ 7.0.3 iFix016 (semver) Affected: 7.1.0 , ≤ 7.1.0 iFix004 (semver) cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix034:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix016:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T18:13:04.012312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T18:15:35.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix034:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix016:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 iFix034",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 iFix016",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.0 iFix004",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,\u0026nbsp;7.0.3 to 7.0.3 iFix016, and\u0026nbsp;7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,\u00a07.0.3 to 7.0.3 iFix016, and\u00a07.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:24:39.313Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247292"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cp\u003eIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.0.2\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.2-IBM-ELM-iFix035\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix035\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.3\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix017\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix017\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix005\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix005\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.2Download and install iFix035 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.3Download and install iFix017 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.1.0Download and install iFix005 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1826",
"datePublished": "2025-10-07T17:50:00.512Z",
"dateReserved": "2025-03-01T14:39:35.654Z",
"dateUpdated": "2025-10-14T18:24:39.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25048 (GCVE-0-2025-25048)
Vulnerability from nvd – Published: 2025-09-04 15:06 – Updated: 2025-09-04 15:16
VLAI?
Title
IBM Jazz Foundation path traversal
Summary
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.
Severity ?
6.5 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2 , ≤ 7.0.2 iFix033
(semver)
Affected: 7.0.3 , ≤ 7.0.3 iFix012 (semver) Affected: 7.1.0 , ≤ 7.1.0 iFix002 (semver) cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-04T15:15:55.482431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T15:16:08.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 iFix033",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 iFix012",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.0 iFix002",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory."
}
],
"value": "IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T15:06:15.076Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7244014"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cp\u003eIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2.Optionally, upgrade to the latest 7.1.0 version and apply below fix. \u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.2\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.2-IBM-ELM-iFix034\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix034\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.3\u0026amp;platform=Windows\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix013\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix013\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix003\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eiFix003\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2.Optionally, upgrade to the latest 7.1.0 version and apply below fix. \n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install iFix034 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install iFix013 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install iFix003 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation path traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-25048",
"datePublished": "2025-09-04T15:06:15.076Z",
"dateReserved": "2025-02-01T15:07:06.692Z",
"dateUpdated": "2025-09-04T15:16:08.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43184 (GCVE-0-2024-43184)
Vulnerability from nvd – Published: 2025-09-04 15:04 – Updated: 2025-09-04 17:39
VLAI?
Title
IBM Jazz Foundation cross-site scripting
Summary
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2 , ≤ 7.0.2 iFix033
(semver)
Affected: 7.0.3 , ≤ 7.0.3 iFix012 (semver) Affected: 7.1.0 , ≤ 7.1.0 iFix002 (semver) cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-04T17:39:37.249271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T17:39:41.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 iFix033",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 iFix012",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.0 iFix002",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T15:04:57.324Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7244013"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cp\u003eIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2.Optionally, upgrade to the latest 7.1.0 version and apply below fix. \u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.2\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.2-IBM-ELM-iFix034\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix034\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.3\u0026amp;platform=Windows\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix013\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix013\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix003\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eiFix003\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2.Optionally, upgrade to the latest 7.1.0 version and apply below fix. \n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install iFix034 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install iFix013 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install iFix003 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-43184",
"datePublished": "2025-09-04T15:04:57.324Z",
"dateReserved": "2024-08-07T13:29:34.028Z",
"dateUpdated": "2025-09-04T17:39:41.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36157 (GCVE-0-2025-36157)
Vulnerability from nvd – Published: 2025-08-24 01:14 – Updated: 2025-08-26 14:46
VLAI?
Title
IBM Engineering Lifecycle Management incorrect authorization
Summary
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.
Severity ?
9.8 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Management |
Affected:
7.0.2 , ≤ 7.0.2 iFix035
(semver)
Affected: 7.0.3 , ≤ 7.0.3 iFix018 (semver) Affected: 7.1.0 , ≤ 7.1.0 iFix004 (semver) cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix035:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix018:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T03:55:28.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix035:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix018:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 iFix035",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 iFix018",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.0 iFix004",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions."
}
],
"value": "IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:46:31.452Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7242925"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cp\u003eIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.2\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.2\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.0.2-IBM-ELM-iFix035-sec\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003e7.0.2 iFix035-sec\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.3\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix018-sec\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003e7.0.3 iFix018-sec\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix004-sec\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\u0026amp;login=true\"\u003e7.1.0 iFix004-sec\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eApart from installing these iFixes, kindly perform the following additional step as mentioned below:\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003e1. Set the Advanced property named \"setup.isRegistrationHandlerServiceOpen\" to \"False\" under Jazz Team Server (JTS) \u0026gt; Server Administration \u0026gt; Advanced property page and save your changes.\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install 7.0.2 iFix035-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install 7.0.3 iFix018-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install 7.1.0 iFix004-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later\n\n\u00a0\n\nApart from installing these iFixes, kindly perform the following additional step as mentioned below:\n\n\n1. Set the Advanced property named \"setup.isRegistrationHandlerServiceOpen\" to \"False\" under Jazz Team Server (JTS) \u003e Server Administration \u003e Advanced property page and save your changes."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Lifecycle Management incorrect authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36157",
"datePublished": "2025-08-24T01:14:41.359Z",
"dateReserved": "2025-04-15T21:16:20.813Z",
"dateUpdated": "2025-08-26T14:46:31.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29669 (GCVE-0-2021-29669)
Vulnerability from nvd – Published: 2025-01-12 01:30 – Updated: 2025-01-13 15:18
VLAI?
Title
IBM Jazz Foundation cross-site scripting
Summary
IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2
cpe:2.3:a:ibm:jazz_foundation:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:6.0.6.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-29669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T15:18:35.327174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T15:18:46.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:6.0.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-12T01:30:05.836Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7180689"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29669",
"datePublished": "2025-01-12T01:30:05.836Z",
"dateReserved": "2021-03-31T20:12:10.358Z",
"dateUpdated": "2025-01-13T15:18:46.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41780 (GCVE-0-2024-41780)
Vulnerability from nvd – Published: 2025-01-03 14:38 – Updated: 2025-01-03 17:52
VLAI?
Title
IBM Jazz Foundation information disclosure
Summary
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could
could allow a physical user to obtain sensitive information due to not masking passwords during entry.
Severity ?
4.2 (Medium)
CWE
- CWE-359 - Exposure of Private Information ('Privacy Violation')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2, 7.0.3, 7.1.0
cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T17:51:46.924230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T17:52:42.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2, 7.0.3, 7.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a physical user to obtain sensitive information due to not masking passwords during entry.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could \n\ncould allow a physical user to obtain sensitive information due to not masking passwords during entry."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Information (\u0027Privacy Violation\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T14:38:36.851Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7180119"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41780",
"datePublished": "2025-01-03T14:38:36.851Z",
"dateReserved": "2024-07-22T12:03:08.192Z",
"dateUpdated": "2025-01-03T17:52:42.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5591 (GCVE-0-2024-5591)
Vulnerability from nvd – Published: 2025-01-03 14:33 – Updated: 2025-01-03 17:53
VLAI?
Title
IBM Jazz Foundation information disclosure
Summary
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Severity ?
4.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2, 7.0.3, 7.1.0
cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T17:52:58.978439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T17:53:10.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2, 7.0.3, 7.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.\u003c/span\u003e"
}
],
"value": "IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T14:33:51.872Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7180120"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-5591",
"datePublished": "2025-01-03T14:33:51.872Z",
"dateReserved": "2024-06-02T15:43:45.743Z",
"dateUpdated": "2025-01-03T17:53:10.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26280 (GCVE-0-2023-26280)
Vulnerability from nvd – Published: 2024-11-25 15:51 – Updated: 2024-11-25 18:16
VLAI?
Title
IBM Jazz Foundation improper access control
Summary
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.
Severity ?
5.3 (Medium)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2, 7.0.3
cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T16:24:35.601366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T16:25:00.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2, 7.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Jazz Foundation 7.0.2 and 7.0.3\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Jazz Foundation 7.0.2 and 7.0.3\u00a0could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T18:16:42.402Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7176207"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation improper access control",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-26280",
"datePublished": "2024-11-25T15:51:46.104Z",
"dateReserved": "2023-02-21T13:55:50.150Z",
"dateUpdated": "2024-11-25T18:16:42.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45181 (GCVE-0-2023-45181)
Vulnerability from nvd – Published: 2024-11-25 15:48 – Updated: 2024-11-25 16:25
VLAI?
Title
IBM Jazz Foundation cross-site scripting
Summary
IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2
cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T16:25:11.523902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T16:25:18.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
}
],
"value": "IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T15:48:46.577Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7176207"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-45181",
"datePublished": "2024-11-25T15:48:46.577Z",
"dateReserved": "2023-10-05T01:38:58.206Z",
"dateUpdated": "2024-11-25T16:25:18.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39059 (GCVE-0-2021-39059)
Vulnerability from nvd – Published: 2022-05-11 16:10 – Updated: 2024-09-16 23:46
VLAI?
Summary
IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Team Server |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6584347"
},
{
"name": "ibm-jazz-cve202139059-xss (214619)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jazz Team Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/C:L/AV:N/I:L/PR:L/S:C/AC:L/A:N/UI:R/RC:C/E:H/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:10:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6584347"
},
{
"name": "ibm-jazz-cve202139059-xss (214619)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214619"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-05-10T00:00:00",
"ID": "CVE-2021-39059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jazz Team Server",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6584347",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6584347 (Jazz Team Server)",
"url": "https://www.ibm.com/support/pages/node/6584347"
},
{
"name": "ibm-jazz-cve202139059-xss (214619)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214619"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39059",
"datePublished": "2022-05-11T16:10:14.841926Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T23:46:20.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-1826
Vulnerability from fkie_nvd - Published: 2025-10-07 18:15 - Updated: 2025-12-12 19:53
Severity ?
Summary
IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7247292 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "441ECFF5-7336-4638-8E9A-FDCB25B64455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "5732ED04-5F96-4599-93E6-7584885D2B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "95526B74-096B-4B77-9335-753403C8FD4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix003:*:*:*:*:*:*",
"matchCriteriaId": "261024C4-6F61-412E-8AD1-735E691BF47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix004:*:*:*:*:*:*",
"matchCriteriaId": "D9F6D0FB-E128-478F-B8AA-D19E9C4B48C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix005:*:*:*:*:*:*",
"matchCriteriaId": "5369A9EE-5DA1-4FDC-8D61-7B34AC7CA2E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix006:*:*:*:*:*:*",
"matchCriteriaId": "8A8996A8-891F-45F3-8950-4D3CDC31FBF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix007:*:*:*:*:*:*",
"matchCriteriaId": "5C3158CF-3B4D-424E-9D71-32949A46ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix008a:*:*:*:*:*:*",
"matchCriteriaId": "FC5C310D-EF92-4B9F-BAB7-1E768336AAF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix009:*:*:*:*:*:*",
"matchCriteriaId": "08DAB6ED-24E3-4041-8230-1D2C15904FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix010:*:*:*:*:*:*",
"matchCriteriaId": "782AB41B-3C55-4701-8F6B-2CDA70A9D66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix011:*:*:*:*:*:*",
"matchCriteriaId": "D5CAE940-F815-472B-AFA7-9E25D04BC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix012:*:*:*:*:*:*",
"matchCriteriaId": "E853B8B5-735D-4873-9377-CFBBC61C6196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix013:*:*:*:*:*:*",
"matchCriteriaId": "2690EEF9-0D5F-4C30-823E-9ABE703007E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix014:*:*:*:*:*:*",
"matchCriteriaId": "193C0380-AD9F-4823-81D8-AB2B95E0C200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix016:*:*:*:*:*:*",
"matchCriteriaId": "B5ABD29B-3AF6-4760-A3CA-356CD933370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix017:*:*:*:*:*:*",
"matchCriteriaId": "D0A30F1F-59AA-485F-853B-B8DF430C2787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix018:*:*:*:*:*:*",
"matchCriteriaId": "DFEAFE85-375D-47DD-8D29-BB8AC17EC557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix020a:*:*:*:*:*:*",
"matchCriteriaId": "899CFB7F-21AD-47AF-8494-3D3E0E243130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix021:*:*:*:*:*:*",
"matchCriteriaId": "563E2A40-CB7C-456C-9915-2F5D01FF37AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix022:*:*:*:*:*:*",
"matchCriteriaId": "91379E62-5D52-4E70-BB55-5CD44D441808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix023:*:*:*:*:*:*",
"matchCriteriaId": "2E60A806-F8F5-464C-95CD-75F5D7EB9065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix024:*:*:*:*:*:*",
"matchCriteriaId": "6FF16BF8-714D-4FB0-88BA-CF0D6B5B355E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix025:*:*:*:*:*:*",
"matchCriteriaId": "5EBC2E3B-028B-4822-B5C9-B876C99E82C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix026a:*:*:*:*:*:*",
"matchCriteriaId": "869E2253-1EF8-482E-A1DF-09194B45990B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix027:*:*:*:*:*:*",
"matchCriteriaId": "41059E5C-FE0B-46FA-9F67-6223F72CA5EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix028:*:*:*:*:*:*",
"matchCriteriaId": "453C5894-0B5B-4AB1-BDDC-005201B94165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix029:*:*:*:*:*:*",
"matchCriteriaId": "5D296DAF-F407-44C7-910B-53BA9E7E0FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix030:*:*:*:*:*:*",
"matchCriteriaId": "2A4AF381-C5A8-44CA-BD5F-B7167BCBEE0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix031:*:*:*:*:*:*",
"matchCriteriaId": "6BB65C18-7859-4CBC-BA99-FE50971031FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix032:*:*:*:*:*:*",
"matchCriteriaId": "2C3A76AB-C70B-49F7-B73C-1A73F2497A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*",
"matchCriteriaId": "B707842F-4CED-4D84-B812-75B2DB818C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix034:*:*:*:*:*:*",
"matchCriteriaId": "0702FAA2-762A-4A95-A73A-59AB2DA1DBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "E7BEB914-06D8-4F0B-89C8-DFFF89B432F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "FF01D2AF-8FCB-49FB-BD5F-17877F7731F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "B766EDB8-4115-4682-B1AD-57C99107A195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix003:*:*:*:*:*:*",
"matchCriteriaId": "9AB07BE6-C24B-4D7A-B906-2268BAF742CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix004:*:*:*:*:*:*",
"matchCriteriaId": "C405EE5A-4320-4960-B430-00AFCF540089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix005:*:*:*:*:*:*",
"matchCriteriaId": "CE6616C0-F434-4189-AF6E-07AB0E04626F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix006:*:*:*:*:*:*",
"matchCriteriaId": "854B0828-F782-4F8E-9970-AA7BF2A4F0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix007:*:*:*:*:*:*",
"matchCriteriaId": "76F5529B-09C3-4B3D-B670-978EDE39F086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix008:*:*:*:*:*:*",
"matchCriteriaId": "E2FD2D5C-2BF9-4558-B794-A2CEC3E13E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix009:*:*:*:*:*:*",
"matchCriteriaId": "71F966A3-4D5A-4870-91A0-F7BE6AEECDFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix010:*:*:*:*:*:*",
"matchCriteriaId": "32BB09AF-ED78-4FFB-8313-AC527250CE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix011:*:*:*:*:*:*",
"matchCriteriaId": "01E9BCE0-684F-4624-BD4C-2A90E160C63D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*",
"matchCriteriaId": "62031B5D-C2BE-433B-89D4-9CEB013E0402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix013:*:*:*:*:*:*",
"matchCriteriaId": "86F6DF11-AC1B-4B9C-89B0-C5930775AC95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix014:*:*:*:*:*:*",
"matchCriteriaId": "4AA16E96-2467-4542-991A-C38906494A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix015:*:*:*:*:*:*",
"matchCriteriaId": "9F7B38A2-AB25-4FFB-BC2F-6D29BCD57C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix016:*:*:*:*:*:*",
"matchCriteriaId": "C6249D2A-8564-415F-BF39-887C6B1D3679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "53EA48FB-EA3A-4111-AAAF-F7053DBEEEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "5BD93D68-30C9-4E29-8295-AC0121F2EFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "979A3BCA-1EDD-4020-918B-BBEBB6F7EFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix003:*:*:*:*:*:*",
"matchCriteriaId": "A32F602D-AE6E-4120-9E24-BD18989FB80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*",
"matchCriteriaId": "5D3BC640-5946-4349-8E62-6C2D4AF03ADC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,\u00a07.0.3 to 7.0.3 iFix016, and\u00a07.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"id": "CVE-2025-1826",
"lastModified": "2025-12-12T19:53:55.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-10-07T18:15:58.683",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7247292"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-25048
Vulnerability from fkie_nvd - Published: 2025-09-04 15:15 - Updated: 2025-12-02 21:36
Severity ?
Summary
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7244014 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "441ECFF5-7336-4638-8E9A-FDCB25B64455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "5732ED04-5F96-4599-93E6-7584885D2B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "95526B74-096B-4B77-9335-753403C8FD4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix003:*:*:*:*:*:*",
"matchCriteriaId": "261024C4-6F61-412E-8AD1-735E691BF47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix004:*:*:*:*:*:*",
"matchCriteriaId": "D9F6D0FB-E128-478F-B8AA-D19E9C4B48C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix005:*:*:*:*:*:*",
"matchCriteriaId": "5369A9EE-5DA1-4FDC-8D61-7B34AC7CA2E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix006:*:*:*:*:*:*",
"matchCriteriaId": "8A8996A8-891F-45F3-8950-4D3CDC31FBF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix007:*:*:*:*:*:*",
"matchCriteriaId": "5C3158CF-3B4D-424E-9D71-32949A46ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix008a:*:*:*:*:*:*",
"matchCriteriaId": "FC5C310D-EF92-4B9F-BAB7-1E768336AAF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix009:*:*:*:*:*:*",
"matchCriteriaId": "08DAB6ED-24E3-4041-8230-1D2C15904FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix010:*:*:*:*:*:*",
"matchCriteriaId": "782AB41B-3C55-4701-8F6B-2CDA70A9D66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix011:*:*:*:*:*:*",
"matchCriteriaId": "D5CAE940-F815-472B-AFA7-9E25D04BC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix012:*:*:*:*:*:*",
"matchCriteriaId": "E853B8B5-735D-4873-9377-CFBBC61C6196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix013:*:*:*:*:*:*",
"matchCriteriaId": "2690EEF9-0D5F-4C30-823E-9ABE703007E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix014:*:*:*:*:*:*",
"matchCriteriaId": "193C0380-AD9F-4823-81D8-AB2B95E0C200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix016:*:*:*:*:*:*",
"matchCriteriaId": "B5ABD29B-3AF6-4760-A3CA-356CD933370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix017:*:*:*:*:*:*",
"matchCriteriaId": "D0A30F1F-59AA-485F-853B-B8DF430C2787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix018:*:*:*:*:*:*",
"matchCriteriaId": "DFEAFE85-375D-47DD-8D29-BB8AC17EC557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix020a:*:*:*:*:*:*",
"matchCriteriaId": "899CFB7F-21AD-47AF-8494-3D3E0E243130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix021:*:*:*:*:*:*",
"matchCriteriaId": "563E2A40-CB7C-456C-9915-2F5D01FF37AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix022:*:*:*:*:*:*",
"matchCriteriaId": "91379E62-5D52-4E70-BB55-5CD44D441808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix023:*:*:*:*:*:*",
"matchCriteriaId": "2E60A806-F8F5-464C-95CD-75F5D7EB9065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix024:*:*:*:*:*:*",
"matchCriteriaId": "6FF16BF8-714D-4FB0-88BA-CF0D6B5B355E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix025:*:*:*:*:*:*",
"matchCriteriaId": "5EBC2E3B-028B-4822-B5C9-B876C99E82C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix026a:*:*:*:*:*:*",
"matchCriteriaId": "869E2253-1EF8-482E-A1DF-09194B45990B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix027:*:*:*:*:*:*",
"matchCriteriaId": "41059E5C-FE0B-46FA-9F67-6223F72CA5EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix028:*:*:*:*:*:*",
"matchCriteriaId": "453C5894-0B5B-4AB1-BDDC-005201B94165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix029:*:*:*:*:*:*",
"matchCriteriaId": "5D296DAF-F407-44C7-910B-53BA9E7E0FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix030:*:*:*:*:*:*",
"matchCriteriaId": "2A4AF381-C5A8-44CA-BD5F-B7167BCBEE0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix031:*:*:*:*:*:*",
"matchCriteriaId": "6BB65C18-7859-4CBC-BA99-FE50971031FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix032:*:*:*:*:*:*",
"matchCriteriaId": "2C3A76AB-C70B-49F7-B73C-1A73F2497A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*",
"matchCriteriaId": "B707842F-4CED-4D84-B812-75B2DB818C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "E7BEB914-06D8-4F0B-89C8-DFFF89B432F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "FF01D2AF-8FCB-49FB-BD5F-17877F7731F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "B766EDB8-4115-4682-B1AD-57C99107A195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix003:*:*:*:*:*:*",
"matchCriteriaId": "9AB07BE6-C24B-4D7A-B906-2268BAF742CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix004:*:*:*:*:*:*",
"matchCriteriaId": "C405EE5A-4320-4960-B430-00AFCF540089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix005:*:*:*:*:*:*",
"matchCriteriaId": "CE6616C0-F434-4189-AF6E-07AB0E04626F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix006:*:*:*:*:*:*",
"matchCriteriaId": "854B0828-F782-4F8E-9970-AA7BF2A4F0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix007:*:*:*:*:*:*",
"matchCriteriaId": "76F5529B-09C3-4B3D-B670-978EDE39F086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix008:*:*:*:*:*:*",
"matchCriteriaId": "E2FD2D5C-2BF9-4558-B794-A2CEC3E13E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix009:*:*:*:*:*:*",
"matchCriteriaId": "71F966A3-4D5A-4870-91A0-F7BE6AEECDFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix010:*:*:*:*:*:*",
"matchCriteriaId": "32BB09AF-ED78-4FFB-8313-AC527250CE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix011:*:*:*:*:*:*",
"matchCriteriaId": "01E9BCE0-684F-4624-BD4C-2A90E160C63D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*",
"matchCriteriaId": "62031B5D-C2BE-433B-89D4-9CEB013E0402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "53EA48FB-EA3A-4111-AAAF-F7053DBEEEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "5BD93D68-30C9-4E29-8295-AC0121F2EFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "979A3BCA-1EDD-4020-918B-BBEBB6F7EFF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory."
}
],
"id": "CVE-2025-25048",
"lastModified": "2025-12-02T21:36:35.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-09-04T15:15:46.077",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7244014"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-43184
Vulnerability from fkie_nvd - Published: 2025-09-04 15:15 - Updated: 2025-12-02 21:33
Severity ?
Summary
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7244013 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "441ECFF5-7336-4638-8E9A-FDCB25B64455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "5732ED04-5F96-4599-93E6-7584885D2B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "95526B74-096B-4B77-9335-753403C8FD4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix003:*:*:*:*:*:*",
"matchCriteriaId": "261024C4-6F61-412E-8AD1-735E691BF47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix004:*:*:*:*:*:*",
"matchCriteriaId": "D9F6D0FB-E128-478F-B8AA-D19E9C4B48C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix005:*:*:*:*:*:*",
"matchCriteriaId": "5369A9EE-5DA1-4FDC-8D61-7B34AC7CA2E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix006:*:*:*:*:*:*",
"matchCriteriaId": "8A8996A8-891F-45F3-8950-4D3CDC31FBF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix007:*:*:*:*:*:*",
"matchCriteriaId": "5C3158CF-3B4D-424E-9D71-32949A46ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix008a:*:*:*:*:*:*",
"matchCriteriaId": "FC5C310D-EF92-4B9F-BAB7-1E768336AAF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix009:*:*:*:*:*:*",
"matchCriteriaId": "08DAB6ED-24E3-4041-8230-1D2C15904FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix010:*:*:*:*:*:*",
"matchCriteriaId": "782AB41B-3C55-4701-8F6B-2CDA70A9D66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix011:*:*:*:*:*:*",
"matchCriteriaId": "D5CAE940-F815-472B-AFA7-9E25D04BC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix012:*:*:*:*:*:*",
"matchCriteriaId": "E853B8B5-735D-4873-9377-CFBBC61C6196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix013:*:*:*:*:*:*",
"matchCriteriaId": "2690EEF9-0D5F-4C30-823E-9ABE703007E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix014:*:*:*:*:*:*",
"matchCriteriaId": "193C0380-AD9F-4823-81D8-AB2B95E0C200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix016:*:*:*:*:*:*",
"matchCriteriaId": "B5ABD29B-3AF6-4760-A3CA-356CD933370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix017:*:*:*:*:*:*",
"matchCriteriaId": "D0A30F1F-59AA-485F-853B-B8DF430C2787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix018:*:*:*:*:*:*",
"matchCriteriaId": "DFEAFE85-375D-47DD-8D29-BB8AC17EC557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix020a:*:*:*:*:*:*",
"matchCriteriaId": "899CFB7F-21AD-47AF-8494-3D3E0E243130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix021:*:*:*:*:*:*",
"matchCriteriaId": "563E2A40-CB7C-456C-9915-2F5D01FF37AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix022:*:*:*:*:*:*",
"matchCriteriaId": "91379E62-5D52-4E70-BB55-5CD44D441808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix023:*:*:*:*:*:*",
"matchCriteriaId": "2E60A806-F8F5-464C-95CD-75F5D7EB9065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix024:*:*:*:*:*:*",
"matchCriteriaId": "6FF16BF8-714D-4FB0-88BA-CF0D6B5B355E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix025:*:*:*:*:*:*",
"matchCriteriaId": "5EBC2E3B-028B-4822-B5C9-B876C99E82C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix026a:*:*:*:*:*:*",
"matchCriteriaId": "869E2253-1EF8-482E-A1DF-09194B45990B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix027:*:*:*:*:*:*",
"matchCriteriaId": "41059E5C-FE0B-46FA-9F67-6223F72CA5EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix028:*:*:*:*:*:*",
"matchCriteriaId": "453C5894-0B5B-4AB1-BDDC-005201B94165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix029:*:*:*:*:*:*",
"matchCriteriaId": "5D296DAF-F407-44C7-910B-53BA9E7E0FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix030:*:*:*:*:*:*",
"matchCriteriaId": "2A4AF381-C5A8-44CA-BD5F-B7167BCBEE0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix031:*:*:*:*:*:*",
"matchCriteriaId": "6BB65C18-7859-4CBC-BA99-FE50971031FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix032:*:*:*:*:*:*",
"matchCriteriaId": "2C3A76AB-C70B-49F7-B73C-1A73F2497A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*",
"matchCriteriaId": "B707842F-4CED-4D84-B812-75B2DB818C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "E7BEB914-06D8-4F0B-89C8-DFFF89B432F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "FF01D2AF-8FCB-49FB-BD5F-17877F7731F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "B766EDB8-4115-4682-B1AD-57C99107A195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix003:*:*:*:*:*:*",
"matchCriteriaId": "9AB07BE6-C24B-4D7A-B906-2268BAF742CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix004:*:*:*:*:*:*",
"matchCriteriaId": "C405EE5A-4320-4960-B430-00AFCF540089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix005:*:*:*:*:*:*",
"matchCriteriaId": "CE6616C0-F434-4189-AF6E-07AB0E04626F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix006:*:*:*:*:*:*",
"matchCriteriaId": "854B0828-F782-4F8E-9970-AA7BF2A4F0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix007:*:*:*:*:*:*",
"matchCriteriaId": "76F5529B-09C3-4B3D-B670-978EDE39F086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix008:*:*:*:*:*:*",
"matchCriteriaId": "E2FD2D5C-2BF9-4558-B794-A2CEC3E13E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix009:*:*:*:*:*:*",
"matchCriteriaId": "71F966A3-4D5A-4870-91A0-F7BE6AEECDFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix010:*:*:*:*:*:*",
"matchCriteriaId": "32BB09AF-ED78-4FFB-8313-AC527250CE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix011:*:*:*:*:*:*",
"matchCriteriaId": "01E9BCE0-684F-4624-BD4C-2A90E160C63D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*",
"matchCriteriaId": "62031B5D-C2BE-433B-89D4-9CEB013E0402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "53EA48FB-EA3A-4111-AAAF-F7053DBEEEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "5BD93D68-30C9-4E29-8295-AC0121F2EFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "979A3BCA-1EDD-4020-918B-BBEBB6F7EFF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"id": "CVE-2024-43184",
"lastModified": "2025-12-02T21:33:55.763",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-09-04T15:15:45.200",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7244013"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-36157
Vulnerability from fkie_nvd - Published: 2025-08-24 02:15 - Updated: 2025-12-18 17:57
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7242925 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "441ECFF5-7336-4638-8E9A-FDCB25B64455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "5732ED04-5F96-4599-93E6-7584885D2B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "95526B74-096B-4B77-9335-753403C8FD4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix003:*:*:*:*:*:*",
"matchCriteriaId": "261024C4-6F61-412E-8AD1-735E691BF47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix004:*:*:*:*:*:*",
"matchCriteriaId": "D9F6D0FB-E128-478F-B8AA-D19E9C4B48C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix005:*:*:*:*:*:*",
"matchCriteriaId": "5369A9EE-5DA1-4FDC-8D61-7B34AC7CA2E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix006:*:*:*:*:*:*",
"matchCriteriaId": "8A8996A8-891F-45F3-8950-4D3CDC31FBF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix007:*:*:*:*:*:*",
"matchCriteriaId": "5C3158CF-3B4D-424E-9D71-32949A46ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix008a:*:*:*:*:*:*",
"matchCriteriaId": "FC5C310D-EF92-4B9F-BAB7-1E768336AAF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix009:*:*:*:*:*:*",
"matchCriteriaId": "08DAB6ED-24E3-4041-8230-1D2C15904FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix010:*:*:*:*:*:*",
"matchCriteriaId": "782AB41B-3C55-4701-8F6B-2CDA70A9D66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix011:*:*:*:*:*:*",
"matchCriteriaId": "D5CAE940-F815-472B-AFA7-9E25D04BC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix012:*:*:*:*:*:*",
"matchCriteriaId": "E853B8B5-735D-4873-9377-CFBBC61C6196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix013:*:*:*:*:*:*",
"matchCriteriaId": "2690EEF9-0D5F-4C30-823E-9ABE703007E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix014:*:*:*:*:*:*",
"matchCriteriaId": "193C0380-AD9F-4823-81D8-AB2B95E0C200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix016:*:*:*:*:*:*",
"matchCriteriaId": "B5ABD29B-3AF6-4760-A3CA-356CD933370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix017:*:*:*:*:*:*",
"matchCriteriaId": "D0A30F1F-59AA-485F-853B-B8DF430C2787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix018:*:*:*:*:*:*",
"matchCriteriaId": "DFEAFE85-375D-47DD-8D29-BB8AC17EC557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix020a:*:*:*:*:*:*",
"matchCriteriaId": "899CFB7F-21AD-47AF-8494-3D3E0E243130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix021:*:*:*:*:*:*",
"matchCriteriaId": "563E2A40-CB7C-456C-9915-2F5D01FF37AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix022:*:*:*:*:*:*",
"matchCriteriaId": "91379E62-5D52-4E70-BB55-5CD44D441808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix023:*:*:*:*:*:*",
"matchCriteriaId": "2E60A806-F8F5-464C-95CD-75F5D7EB9065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix024:*:*:*:*:*:*",
"matchCriteriaId": "6FF16BF8-714D-4FB0-88BA-CF0D6B5B355E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix025:*:*:*:*:*:*",
"matchCriteriaId": "5EBC2E3B-028B-4822-B5C9-B876C99E82C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix026a:*:*:*:*:*:*",
"matchCriteriaId": "869E2253-1EF8-482E-A1DF-09194B45990B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix027:*:*:*:*:*:*",
"matchCriteriaId": "41059E5C-FE0B-46FA-9F67-6223F72CA5EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix028:*:*:*:*:*:*",
"matchCriteriaId": "453C5894-0B5B-4AB1-BDDC-005201B94165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix029:*:*:*:*:*:*",
"matchCriteriaId": "5D296DAF-F407-44C7-910B-53BA9E7E0FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix030:*:*:*:*:*:*",
"matchCriteriaId": "2A4AF381-C5A8-44CA-BD5F-B7167BCBEE0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix031:*:*:*:*:*:*",
"matchCriteriaId": "6BB65C18-7859-4CBC-BA99-FE50971031FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix032:*:*:*:*:*:*",
"matchCriteriaId": "2C3A76AB-C70B-49F7-B73C-1A73F2497A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*",
"matchCriteriaId": "B707842F-4CED-4D84-B812-75B2DB818C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix034:*:*:*:*:*:*",
"matchCriteriaId": "0702FAA2-762A-4A95-A73A-59AB2DA1DBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix035:*:*:*:*:*:*",
"matchCriteriaId": "304FCE68-7AD2-49DA-97BD-EA95A1B90A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "E7BEB914-06D8-4F0B-89C8-DFFF89B432F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "FF01D2AF-8FCB-49FB-BD5F-17877F7731F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "B766EDB8-4115-4682-B1AD-57C99107A195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix003:*:*:*:*:*:*",
"matchCriteriaId": "9AB07BE6-C24B-4D7A-B906-2268BAF742CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix004:*:*:*:*:*:*",
"matchCriteriaId": "C405EE5A-4320-4960-B430-00AFCF540089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix005:*:*:*:*:*:*",
"matchCriteriaId": "CE6616C0-F434-4189-AF6E-07AB0E04626F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix006:*:*:*:*:*:*",
"matchCriteriaId": "854B0828-F782-4F8E-9970-AA7BF2A4F0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix007:*:*:*:*:*:*",
"matchCriteriaId": "76F5529B-09C3-4B3D-B670-978EDE39F086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix008:*:*:*:*:*:*",
"matchCriteriaId": "E2FD2D5C-2BF9-4558-B794-A2CEC3E13E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix009:*:*:*:*:*:*",
"matchCriteriaId": "71F966A3-4D5A-4870-91A0-F7BE6AEECDFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix010:*:*:*:*:*:*",
"matchCriteriaId": "32BB09AF-ED78-4FFB-8313-AC527250CE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix011:*:*:*:*:*:*",
"matchCriteriaId": "01E9BCE0-684F-4624-BD4C-2A90E160C63D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*",
"matchCriteriaId": "62031B5D-C2BE-433B-89D4-9CEB013E0402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix013:*:*:*:*:*:*",
"matchCriteriaId": "86F6DF11-AC1B-4B9C-89B0-C5930775AC95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix014:*:*:*:*:*:*",
"matchCriteriaId": "4AA16E96-2467-4542-991A-C38906494A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix015:*:*:*:*:*:*",
"matchCriteriaId": "9F7B38A2-AB25-4FFB-BC2F-6D29BCD57C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix016:*:*:*:*:*:*",
"matchCriteriaId": "C6249D2A-8564-415F-BF39-887C6B1D3679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix017:*:*:*:*:*:*",
"matchCriteriaId": "1CA1754B-4021-486A-8700-C725098EF3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix018:*:*:*:*:*:*",
"matchCriteriaId": "1DAB4860-8F6E-4066-A56F-67CBE40185EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "53EA48FB-EA3A-4111-AAAF-F7053DBEEEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix001:*:*:*:*:*:*",
"matchCriteriaId": "5BD93D68-30C9-4E29-8295-AC0121F2EFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*",
"matchCriteriaId": "979A3BCA-1EDD-4020-918B-BBEBB6F7EFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix003:*:*:*:*:*:*",
"matchCriteriaId": "A32F602D-AE6E-4120-9E24-BD18989FB80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*",
"matchCriteriaId": "5D3BC640-5946-4349-8E62-6C2D4AF03ADC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions."
},
{
"lang": "es",
"value": "IBM Jazz Foundation 7.0.2 a 7.0.2 iFix035, 7.0.3 a 7.0.3 iFix018 y 7.1.0 a 7.1.0 iFix004 podr\u00edan permitir que un atacante remoto no autenticado actualice archivos de propiedades del servidor que le permitir\u00edan realizar acciones no autorizadas."
}
],
"id": "CVE-2025-36157",
"lastModified": "2025-12-18T17:57:24.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-24T02:15:44.100",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7242925"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-29669
Vulnerability from fkie_nvd - Published: 2025-01-12 02:15 - Updated: 2025-03-13 16:25
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7180689 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | jazz_foundation | 6.0.6 | |
| ibm | jazz_foundation | 6.0.6.1 | |
| ibm | jazz_foundation | 7.0 | |
| ibm | jazz_foundation | 7.0.1 | |
| ibm | jazz_foundation | 7.0.2 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "424603FB-FDF8-4B24-9CE0-7F6A4C672E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8953DBFF-60FB-408A-9427-F5E32D2F47C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E1B11480-FE00-4675-85DE-054445FF5827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB527F3-F4CA-4EC3-BA71-30C1F8BDC91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96AC18-F48B-42AA-98B8-5FCFFB5C4D3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": "IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2 es vulnerable a ataques de Cross Site Scripting. Esta vulnerabilidad permite a los usuarios incorporar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza."
}
],
"id": "CVE-2021-29669",
"lastModified": "2025-03-13T16:25:10.947",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-12T02:15:18.750",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7180689"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-41780
Vulnerability from fkie_nvd - Published: 2025-01-03 15:15 - Updated: 2025-03-21 15:34
Severity ?
4.2 (Medium) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could
could allow a physical user to obtain sensitive information due to not masking passwords during entry.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7180119 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | jazz_foundation | 7.0.2 | |
| ibm | jazz_foundation | 7.0.3 | |
| ibm | jazz_foundation | 7.1.0 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "441ECFF5-7336-4638-8E9A-FDCB25B64455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "E7BEB914-06D8-4F0B-89C8-DFFF89B432F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "53EA48FB-EA3A-4111-AAAF-F7053DBEEEA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could \n\ncould allow a physical user to obtain sensitive information due to not masking passwords during entry."
},
{
"lang": "es",
"value": "IBM Jazz Foundation 7.0.2, 7.0.3 y 7.1.0 podr\u00edan permitir que un usuario f\u00edsico obtenga informaci\u00f3n confidencial debido a que no se ocultan las contrase\u00f1as durante el ingreso."
}
],
"id": "CVE-2024-41780",
"lastModified": "2025-03-21T15:34:55.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-03T15:15:10.367",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7180119"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-359"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-5591
Vulnerability from fkie_nvd - Published: 2025-01-03 15:15 - Updated: 2025-03-21 15:35
Severity ?
Summary
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7180120 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | jazz_foundation | 7.0.2 | |
| ibm | jazz_foundation | 7.0.3 | |
| ibm | jazz_foundation | 7.1.0 | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "441ECFF5-7336-4638-8E9A-FDCB25B64455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "E7BEB914-06D8-4F0B-89C8-DFFF89B432F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "53EA48FB-EA3A-4111-AAAF-F7053DBEEEA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."
},
{
"lang": "es",
"value": "IBM Jazz Foundation 7.0.2, 7.0.3 y 7.1.0 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda utilizarse en futuros ataques contra el sistema."
}
],
"id": "CVE-2024-5591",
"lastModified": "2025-03-21T15:35:46.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-01-03T15:15:10.813",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7180120"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-45181
Vulnerability from fkie_nvd - Published: 2024-11-25 16:15 - Updated: 2025-01-14 19:46
Severity ?
Summary
IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7176207 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | jazz_foundation | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7057D47F-DC48-452F-A419-630AC0C0A5C4",
"versionEndExcluding": "7.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": "IBM Jazz Foundation 7.0.2 y versiones anteriores son vulnerables a ataques de cross-site scripting. Esta vulnerabilidad permite a los usuarios incorporar c\u00f3digo JavaScript arbitrario en la interfaz web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
}
],
"id": "CVE-2023-45181",
"lastModified": "2025-01-14T19:46:20.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2024-11-25T16:15:11.273",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7176207"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-26280
Vulnerability from fkie_nvd - Published: 2024-11-25 16:15 - Updated: 2025-01-16 16:13
Severity ?
Summary
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7176207 | Not Applicable, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | jazz_foundation | 7.0.2 | |
| ibm | jazz_foundation | 7.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96AC18-F48B-42AA-98B8-5FCFFB5C4D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7E20A9-9D5D-4903-96CD-6CE833D1D854",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation 7.0.2 and 7.0.3\u00a0could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control."
},
{
"lang": "es",
"value": "IBM Jazz Foundation 7.0.2 y 7.0.3 podr\u00edan permitir que un usuario cambie su panel de control mediante una solicitud HTTP especialmente manipulada debido a un control de acceso inadecuado."
}
],
"id": "CVE-2023-26280",
"lastModified": "2025-01-16T16:13:59.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2024-11-25T16:15:06.243",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7176207"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-39059
Vulnerability from fkie_nvd - Published: 2022-05-11 16:15 - Updated: 2024-11-21 06:18
Severity ?
Summary
IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/214619 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6584347 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/214619 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6584347 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | jazz_foundation | 6.0.6 | |
| ibm | jazz_foundation | 6.0.6.1 | |
| ibm | jazz_foundation | 7.0 | |
| ibm | jazz_foundation | 7.0.1 | |
| ibm | jazz_foundation | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "424603FB-FDF8-4B24-9CE0-7F6A4C672E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8953DBFF-60FB-408A-9427-F5E32D2F47C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E1B11480-FE00-4675-85DE-054445FF5827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB527F3-F4CA-4EC3-BA71-30C1F8BDC91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96AC18-F48B-42AA-98B8-5FCFFB5C4D3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619."
},
{
"lang": "es",
"value": "IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2) es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 214619"
}
],
"id": "CVE-2021-39059",
"lastModified": "2024-11-21T06:18:31.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-11T16:15:08.660",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214619"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6584347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6584347"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-1826 (GCVE-0-2025-1826)
Vulnerability from cvelistv5 – Published: 2025-10-07 17:50 – Updated: 2025-10-14 18:24
VLAI?
Title
IBM Jazz Foundation cross-site scripting
Summary
IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2 , ≤ 7.0.2 iFix034
(semver)
Affected: 7.0.3 , ≤ 7.0.3 iFix016 (semver) Affected: 7.1.0 , ≤ 7.1.0 iFix004 (semver) cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix034:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix016:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T18:13:04.012312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T18:15:35.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix034:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix016:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 iFix034",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 iFix016",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.0 iFix004",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,\u0026nbsp;7.0.3 to 7.0.3 iFix016, and\u0026nbsp;7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,\u00a07.0.3 to 7.0.3 iFix016, and\u00a07.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:24:39.313Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7247292"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cp\u003eIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.0.2\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.2-IBM-ELM-iFix035\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix035\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.3\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix017\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix017\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix005\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix005\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.2Download and install iFix035 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.3Download and install iFix017 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.1.0Download and install iFix005 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1826",
"datePublished": "2025-10-07T17:50:00.512Z",
"dateReserved": "2025-03-01T14:39:35.654Z",
"dateUpdated": "2025-10-14T18:24:39.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25048 (GCVE-0-2025-25048)
Vulnerability from cvelistv5 – Published: 2025-09-04 15:06 – Updated: 2025-09-04 15:16
VLAI?
Title
IBM Jazz Foundation path traversal
Summary
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.
Severity ?
6.5 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2 , ≤ 7.0.2 iFix033
(semver)
Affected: 7.0.3 , ≤ 7.0.3 iFix012 (semver) Affected: 7.1.0 , ≤ 7.1.0 iFix002 (semver) cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-04T15:15:55.482431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T15:16:08.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 iFix033",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 iFix012",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.0 iFix002",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory."
}
],
"value": "IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T15:06:15.076Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7244014"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cp\u003eIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2.Optionally, upgrade to the latest 7.1.0 version and apply below fix. \u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.2\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.2-IBM-ELM-iFix034\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix034\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.3\u0026amp;platform=Windows\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix013\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix013\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix003\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eiFix003\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2.Optionally, upgrade to the latest 7.1.0 version and apply below fix. \n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install iFix034 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install iFix013 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install iFix003 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation path traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-25048",
"datePublished": "2025-09-04T15:06:15.076Z",
"dateReserved": "2025-02-01T15:07:06.692Z",
"dateUpdated": "2025-09-04T15:16:08.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43184 (GCVE-0-2024-43184)
Vulnerability from cvelistv5 – Published: 2025-09-04 15:04 – Updated: 2025-09-04 17:39
VLAI?
Title
IBM Jazz Foundation cross-site scripting
Summary
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2 , ≤ 7.0.2 iFix033
(semver)
Affected: 7.0.3 , ≤ 7.0.3 iFix012 (semver) Affected: 7.1.0 , ≤ 7.1.0 iFix002 (semver) cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-04T17:39:37.249271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T17:39:41.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 iFix033",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 iFix012",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.0 iFix002",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T15:04:57.324Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7244013"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cp\u003eIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2.Optionally, upgrade to the latest 7.1.0 version and apply below fix. \u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.2\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.2\u0026amp;platform=Linux\u0026amp;function=fixId\u0026amp;fixids=7.0.2-IBM-ELM-iFix034\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix034\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.3\u0026amp;platform=Windows\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix013\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=ddp\"\u003eiFix013\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix003\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003eiFix003\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2.Optionally, upgrade to the latest 7.1.0 version and apply below fix. \n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install iFix034 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install iFix013 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install iFix003 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-43184",
"datePublished": "2025-09-04T15:04:57.324Z",
"dateReserved": "2024-08-07T13:29:34.028Z",
"dateUpdated": "2025-09-04T17:39:41.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36157 (GCVE-0-2025-36157)
Vulnerability from cvelistv5 – Published: 2025-08-24 01:14 – Updated: 2025-08-26 14:46
VLAI?
Title
IBM Engineering Lifecycle Management incorrect authorization
Summary
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.
Severity ?
9.8 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Lifecycle Management |
Affected:
7.0.2 , ≤ 7.0.2 iFix035
(semver)
Affected: 7.0.3 , ≤ 7.0.3 iFix018 (semver) Affected: 7.1.0 , ≤ 7.1.0 iFix004 (semver) cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix035:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix018:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T03:55:28.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix035:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix018:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.2 iFix035",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3 iFix018",
"status": "affected",
"version": "7.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.0 iFix004",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions."
}
],
"value": "IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:46:31.452Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7242925"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\u003c/p\u003e\u003cp\u003eIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eAffected Product(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.2\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.2\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.0.2-IBM-ELM-iFix035-sec\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003e7.0.2 iFix035-sec\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.0.3\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.0.3\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.0.3-IBM-ELM-iFix018-sec\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\"\u003e7.0.3 iFix018-sec\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Engineering Lifecycle Management - Jazz Foundation\u003c/td\u003e\u003ctd\u003e7.1.0\u003c/td\u003e\u003ctd\u003eDownload and install \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering\u0026amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management\u0026amp;release=7.1\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.1-IBM-ELM-iFix004-sec\u0026amp;includeRequisites=1\u0026amp;includeSupersedes=0\u0026amp;downloadMethod=http\u0026amp;login=true\"\u003e7.1.0 iFix004-sec\u003c/a\u003e\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eApart from installing these iFixes, kindly perform the following additional step as mentioned below:\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003e1. Set the Advanced property named \"setup.isRegistrationHandlerServiceOpen\" to \"False\" under Jazz Team Server (JTS) \u0026gt; Server Administration \u0026gt; Advanced property page and save your changes.\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install 7.0.2 iFix035-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install 7.0.3 iFix018-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install 7.1.0 iFix004-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later\n\n\u00a0\n\nApart from installing these iFixes, kindly perform the following additional step as mentioned below:\n\n\n1. Set the Advanced property named \"setup.isRegistrationHandlerServiceOpen\" to \"False\" under Jazz Team Server (JTS) \u003e Server Administration \u003e Advanced property page and save your changes."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Lifecycle Management incorrect authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36157",
"datePublished": "2025-08-24T01:14:41.359Z",
"dateReserved": "2025-04-15T21:16:20.813Z",
"dateUpdated": "2025-08-26T14:46:31.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29669 (GCVE-0-2021-29669)
Vulnerability from cvelistv5 – Published: 2025-01-12 01:30 – Updated: 2025-01-13 15:18
VLAI?
Title
IBM Jazz Foundation cross-site scripting
Summary
IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2
cpe:2.3:a:ibm:jazz_foundation:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:6.0.6.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-29669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T15:18:35.327174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T15:18:46.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:6.0.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-12T01:30:05.836Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7180689"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29669",
"datePublished": "2025-01-12T01:30:05.836Z",
"dateReserved": "2021-03-31T20:12:10.358Z",
"dateUpdated": "2025-01-13T15:18:46.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41780 (GCVE-0-2024-41780)
Vulnerability from cvelistv5 – Published: 2025-01-03 14:38 – Updated: 2025-01-03 17:52
VLAI?
Title
IBM Jazz Foundation information disclosure
Summary
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could
could allow a physical user to obtain sensitive information due to not masking passwords during entry.
Severity ?
4.2 (Medium)
CWE
- CWE-359 - Exposure of Private Information ('Privacy Violation')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2, 7.0.3, 7.1.0
cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T17:51:46.924230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T17:52:42.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2, 7.0.3, 7.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a physical user to obtain sensitive information due to not masking passwords during entry.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could \n\ncould allow a physical user to obtain sensitive information due to not masking passwords during entry."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Information (\u0027Privacy Violation\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T14:38:36.851Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7180119"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41780",
"datePublished": "2025-01-03T14:38:36.851Z",
"dateReserved": "2024-07-22T12:03:08.192Z",
"dateUpdated": "2025-01-03T17:52:42.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5591 (GCVE-0-2024-5591)
Vulnerability from cvelistv5 – Published: 2025-01-03 14:33 – Updated: 2025-01-03 17:53
VLAI?
Title
IBM Jazz Foundation information disclosure
Summary
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Severity ?
4.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2, 7.0.3, 7.1.0
cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T17:52:58.978439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T17:53:10.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2, 7.0.3, 7.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.\u003c/span\u003e"
}
],
"value": "IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T14:33:51.872Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7180120"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-5591",
"datePublished": "2025-01-03T14:33:51.872Z",
"dateReserved": "2024-06-02T15:43:45.743Z",
"dateUpdated": "2025-01-03T17:53:10.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26280 (GCVE-0-2023-26280)
Vulnerability from cvelistv5 – Published: 2024-11-25 15:51 – Updated: 2024-11-25 18:16
VLAI?
Title
IBM Jazz Foundation improper access control
Summary
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.
Severity ?
5.3 (Medium)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2, 7.0.3
cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T16:24:35.601366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T16:25:00.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2, 7.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Jazz Foundation 7.0.2 and 7.0.3\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Jazz Foundation 7.0.2 and 7.0.3\u00a0could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T18:16:42.402Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7176207"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation improper access control",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-26280",
"datePublished": "2024-11-25T15:51:46.104Z",
"dateReserved": "2023-02-21T13:55:50.150Z",
"dateUpdated": "2024-11-25T18:16:42.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45181 (GCVE-0-2023-45181)
Vulnerability from cvelistv5 – Published: 2024-11-25 15:48 – Updated: 2024-11-25 16:25
VLAI?
Title
IBM Jazz Foundation cross-site scripting
Summary
IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Foundation |
Affected:
7.0.2
cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T16:25:11.523902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T16:25:18.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Jazz Foundation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
}
],
"value": "IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T15:48:46.577Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7176207"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Jazz Foundation cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-45181",
"datePublished": "2024-11-25T15:48:46.577Z",
"dateReserved": "2023-10-05T01:38:58.206Z",
"dateUpdated": "2024-11-25T16:25:18.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39059 (GCVE-0-2021-39059)
Vulnerability from cvelistv5 – Published: 2022-05-11 16:10 – Updated: 2024-09-16 23:46
VLAI?
Summary
IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Jazz Team Server |
Affected:
6.0.6
Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 Affected: 7.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6584347"
},
{
"name": "ibm-jazz-cve202139059-xss (214619)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jazz Team Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/C:L/AV:N/I:L/PR:L/S:C/AC:L/A:N/UI:R/RC:C/E:H/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:10:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6584347"
},
{
"name": "ibm-jazz-cve202139059-xss (214619)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214619"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-05-10T00:00:00",
"ID": "CVE-2021-39059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jazz Team Server",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6584347",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6584347 (Jazz Team Server)",
"url": "https://www.ibm.com/support/pages/node/6584347"
},
{
"name": "ibm-jazz-cve202139059-xss (214619)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214619"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39059",
"datePublished": "2022-05-11T16:10:14.841926Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T23:46:20.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}