Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Jazz Team Server
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39043 1 Ibm 1 Jazz Team Server 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214032.
CVE-2021-38879 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057.
CVE-2021-38871 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345.
CVE-2021-29865 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2024-11-21 4.9 MEDIUM 5.4 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091.
CVE-2021-20551 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2024-11-21 2.1 LOW 3.3 LOW
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.
CVE-2021-20544 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931.
CVE-2021-20543 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929.
CVE-2021-20421 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2021-20355 3 Ibm, Linux, Microsoft 3 Jazz Team Server, Linux Kernel, Windows 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891.