Ibm Jazz Reporting Service — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Jazz Reporting Service, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (55)
CVE-2019-4651 — CVSS 9.8 (critical): IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements…
CVE-2015-7465 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before…
CVE-2016-0315 — CVSS 8.8 (high): The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1…
CVE-2016-2889 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service…
CVE-2015-7464 — CVSS 7.5 (high): Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows…
CVE-2016-0319 — CVSS 7.5 (high): The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated…
CVE-2015-7470 — CVSS 7.5 (high): Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows…
CVE-2024-25051 — CVSS 6.6 (medium): IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to…
CVE-2016-0314 — CVSS 6.5 (medium): The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1…
CVE-2016-0317 — CVSS 6.5 (medium): Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct…
CVE-2020-4539 — CVSS 6.1 (medium): IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to…
CVE-2020-4533 — CVSS 6.1 (medium): IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2020-4541 — CVSS 6.1 (medium): IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2016-9988 — CVSS 5.4 (medium): IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2016-9989 — CVSS 5.4 (medium): IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2017-1096 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2020-4933 — CVSS 5.4 (medium): IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2015-7467 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and…
CVE-2016-0313 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x…
CVE-2016-0316 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006…
CVE-2016-0350 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x…
CVE-2016-2888 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x…
CVE-2016-5897 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed…
CVE-2016-5899 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2016-6039 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2016-6047 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2016-6054 — CVSS 5.4 (medium): IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI…
CVE-2016-9986 — CVSS 5.4 (medium): IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2016-9987 — CVSS 5.4 (medium): IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2017-1750 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows…
CVE-2018-1363 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows…
CVE-2018-1918 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to…
CVE-2018-2004 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2019-4184 — CVSS 5.4 (medium): IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2019-4494 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This…
CVE-2019-4495 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This…
CVE-2019-4497 — CVSS 5.4 (medium): IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This…
CVE-2020-4419 — CVSS 5.4 (medium): IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2020-4718 — CVSS 5.4 (medium): IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to…
CVE-2021-20535 — CVSS 5.4 (medium): IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an…
CVE-2017-1490 — CVSS 5.3 (medium): An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive…
CVE-2016-0318 — CVSS 5.0 (medium): Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout…
CVE-2017-1340 — CVSS 5.0 (medium): IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report…
CVE-2017-1370 — CVSS 4.9 (medium): IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message…
CVE-2024-25052 — CVSS 4.4 (medium): IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.
CVE-2017-1157 — CVSS 4.3 (medium): IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to…
CVE-2015-7469 — CVSS 4.3 (medium): Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows…
CVE-2019-4047 — CVSS 4.3 (medium): IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the…
CVE-2015-7468 — CVSS 4.3 (medium): Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows…
CVE-2016-5898 — CVSS 4.3 (medium): IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON…
CVE-2018-1639 — CVSS 4.3 (medium): The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive…
CVE-2025-27550 — CVSS 3.5 (low): IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that…
CVE-2025-1823 — CVSS 3.5 (low): IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL…
CVE-2025-2134 — CVSS 3.5 (low): IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries…
CVE-2015-7466 — CVSS 3.1 (low): Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to…