Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HIBM Jazz Reporting Service
APPIbm5.05.0.15.0.26.06.0.16.0.2
Related vulnerabilities
IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send speciall...
The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix00...
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 if...
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-...
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-...