Information disclosure in Jazz Reporting Service - CVE-2017-1490
Published: September 14, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU38288
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-1490
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
Jazz Reporting Service
Jazz Reporting Service
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.
How to mitigate CVE-2017-1490
Install update from vendor's website.