Main Vulnerability Database Vulnerabilities #VU37990

Information disclosure in Jazz Reporting Service - CVE-2017-1340

Published: November 1, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37990

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-1340

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
Jazz Reporting Service

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.

How to mitigate CVE-2017-1340

Install update from vendor's website.

Sources

http://www.ibm.com/support/docview.wss?uid=swg22009973
http://www.securityfocus.com/bid/101880
https://exchange.xforce.ibmcloud.com/vulnerabilities/126455

Information disclosure in Jazz Reporting Service - CVE-2017-1340

Detailed vulnerability description

How to mitigate CVE-2017-1340

Sources

Please verify you're human