IBM Jazz for Service Management stores sensitive information in URL parameters
CVEID: CVE-2019-4193 DESCRIPTION: IBM Jazz for Service Management stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159032> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Jazz for Service Management version 1.1.3 - 1.1.3.2
Affected JazzSM Version | Recommended Fix. |
---|---|
Jazz for Service Management version 1.1.3 - 1.1.3.2 | Install 1.1.3-TIV-JazzSM-multi-FP003 |
Please refer Read-me available as part of 1.1.3-TIV-JazzSM-multi-FP003
CPE | Name | Operator | Version |
---|---|---|---|
jazz for service management | eq | any |