threat
engine
.sh
Back
·
··:··
Home
/
Product
/
ibm jazz for service management
Product
ibm jazz for service management
28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-36249
>= 1.1.3.0 and < 1.1.3.26
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cook
3.7
LOW
CVE-2025-36011
>= 1.1.3.0 and < 1.1.3.25
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cook
4.3
MEDIUM
CVE-2024-52892
>= 1.1.3 and < 1.1.3.24
IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthe
6.1
MEDIUM
CVE-2024-47106
>= 1.1.3 and <= 1.1.3.22
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper
5.3
MEDIUM
CVE-2023-46186
all versions
IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsi
5.3
MEDIUM
CVE-2022-35722
< 1.1.3.16
IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2022-35721
all versions
IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbit
5.4
MEDIUM
CVE-2021-38877
all versions
IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed ar
5.4
MEDIUM
CVE-2021-29905
all versions
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerabil
5.4
MEDIUM
CVE-2021-29904
all versions
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which ca
5.5
MEDIUM
CVE-2021-29833
all versions
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vul
5.4
MEDIUM
CVE-2021-29832
all versions
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vul
5.4
MEDIUM
CVE-2021-29816
all versions
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which coul
6.5
MEDIUM
CVE-2021-29815
all versions
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vul
5.4
MEDIUM
CVE-2021-29814
all versions
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vul
5.4
MEDIUM
CVE-2021-29813
all versions
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vul
5.4
MEDIUM
CVE-2021-29812
all versions
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vul
5.4
MEDIUM
CVE-2021-29810
all versions
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vul
5.4
MEDIUM
CVE-2021-29800
all versions
IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vul
5.4
MEDIUM
CVE-2021-29831
all versions
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE
8.1
HIGH
CVE-2019-4718
all versions
IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary Jav
5.4
MEDIUM
CVE-2019-4186
all versions
IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header du
6.1
MEDIUM
CVE-2019-4275
all versions
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names
5.5
MEDIUM
CVE-2019-4194
>= 1.1.3.0 and <= 1.1.3.2
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to de
4.3
MEDIUM
CVE-2019-4193
>= 1.1.3 and <= 1.1.3.2
IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information dis
7.5
HIGH
CVE-2019-4201
>= 1.1.3 and <= 1.1.3.2
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an op
6.1
MEDIUM
CVE-2017-1746
all versions
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an att
8.8
HIGH
CVE-2017-1631
all versions
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an att
8.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin