CVE-2016-5898

Summary

IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationJazz Reporting Service6affected
IBM CorporationJazz Reporting Service5.0affected
IBM CorporationJazz Reporting Service5.0.1affected
IBM CorporationJazz Reporting Service5.0.2affected
IBM CorporationJazz Reporting Service6.0affected
IBM CorporationJazz Reporting Service6.0.1affected
IBM CorporationJazz Reporting Service6.0.2affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References