📦 Jazz For Service Management

This CVE describes an XML External Entity (XXE) vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI. Attackers can exploit this by submitting malicious XML data to read...

IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.24 fail to set the secure attribute on authorization tokens and session cookies, allowing attackers to intercept these cookies via HTTP l...

IBM Jazz for Service Management versions 1.1.3 through 1.1.3.23 contain a cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to inject malicious JavaScript into the web int...

IBM Jazz for Service Management versions 1.1.3 through 1.1.3.22 have improper access restrictions that could allow remote attackers to obtain sensitive information. This information disclosure vulnera...