Описание
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00188
Низкий
3.1 Low
CVSS3
4 Medium
CVSS2
Дефекты
CWE-74
Связанные уязвимости
CVSS3: 3.1
github
больше 3 лет назад
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors.
EPSS
Процентиль: 41%
0.00188
Низкий
3.1 Low
CVSS3
4 Medium
CVSS2
Дефекты
CWE-74