Ibm Jazz For Service Management — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Jazz For Service Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2017-1631 — CVSS 8.8 (high): IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to…
CVE-2017-1746 — CVSS 8.8 (high): IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to…
CVE-2021-29831 — CVSS 8.1 (high): IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack…
CVE-2019-4193 — CVSS 7.5 (high): IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure…
CVE-2021-29816 — CVSS 6.5 (medium): IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow…
CVE-2024-52892 — CVSS 6.1 (medium): IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated…
CVE-2019-4186 — CVSS 6.1 (medium): IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during…
CVE-2019-4201 — CVSS 6.1 (medium): IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open…
CVE-2021-29904 — CVSS 5.5 (medium): IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read…
CVE-2019-4275 — CVSS 5.5 (medium): IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that…
CVE-2021-29813 — CVSS 5.4 (medium): IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This…
CVE-2021-29814 — CVSS 5.4 (medium): IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This…
CVE-2021-29815 — CVSS 5.4 (medium): IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This…
CVE-2021-29833 — CVSS 5.4 (medium): IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This…
CVE-2021-29905 — CVSS 5.4 (medium): IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability…
CVE-2021-38877 — CVSS 5.4 (medium): IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2022-35721 — CVSS 5.4 (medium): IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2022-35722 — CVSS 5.4 (medium): IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2021-29832 — CVSS 5.4 (medium): IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This…
CVE-2019-4718 — CVSS 5.4 (medium): IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2021-29800 — CVSS 5.4 (medium): IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This…
CVE-2021-29810 — CVSS 5.4 (medium): IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This…
CVE-2021-29812 — CVSS 5.4 (medium): IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This…
CVE-2023-46186 — CVSS 5.3 (medium): IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to…
CVE-2024-47106 — CVSS 5.3 (medium): IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access…
CVE-2019-4194 — CVSS 4.3 (medium): IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete…
CVE-2025-36011 — CVSS 4.3 (medium): IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies…
CVE-2025-36249 — CVSS 3.7 (low): IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies…