SB2017073121 - Multiple vulnerabilities in IBM Jazz Reporting Service
Published: July 31, 2017 Updated: August 8, 2020
Description
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2017-1340)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote authenticated user to gain access to sensitive information.
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.
2) Information disclosure (CVE-ID: CVE-2017-1490)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote authenticated user to gain access to sensitive information.
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.
3) Information Exposure Through an Error Message (CVE-ID: CVE-2017-1370)
CWE-ID: CWE-209 - Information Exposure Through an Error Message
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote privileged user to gain access to sensitive information.
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.
Remediation
Install the update from the vendor's website.
References
- http://www.ibm.com/support/docview.wss?uid=swg22009973
- http://www.securityfocus.com/bid/101880
- https://exchange.xforce.ibmcloud.com/vulnerabilities/126455
- http://www.ibm.com/support/docview.wss?uid=swg22008253
- http://www.securityfocus.com/bid/100835
- https://exchange.xforce.ibmcloud.com/vulnerabilities/128688
- http://www.ibm.com/support/docview.wss?uid=swg22005868
- http://www.securityfocus.com/bid/99954
- https://exchange.xforce.ibmcloud.com/vulnerabilities/126863