Information Disclosure Vulnerability in IBM Jazz Reporting Service
CVE-2017-1340

5MEDIUM

Key Information:

Vendor
IBM
Status
Jazz Reporting Service
Vendor
CVE Published:
1 November 2017

Summary

An issue exists in IBM Jazz Reporting Service (JRS) 6.0.4 that could allow an authenticated user to gain unauthorized access to information obtained from another server that interacts with the current report builder. This vulnerability could potentially expose sensitive data, highlighting the importance of securing user access controls and monitoring interactions between servers.

Affected Version(s)

Jazz Reporting Service 6.0.4

References

http://www.securityfocus.com/bid/101880
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/126455
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22009973
x_refsource_CONFIRM

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.