Security Vulnerabilities - CVEs Published In July 2017
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-07-05
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-07-05
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-07-05
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-07-05
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-07-05
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.
CVSS Score
2.5
EPSS Score
0.001
Published
2017-07-05
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-07-05
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.
CVSS Score
9.9
EPSS Score
0.014
Published
2017-07-05
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634.
CVSS Score
7.1
EPSS Score
0.005
Published
2017-07-05
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-07-05