CVE-2016-5898 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2016-5898

CWE

https://cwe.mitre.org/data/definitions/254.html

IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.

Affected Software

Name	Vendor	Start Version	End Version
Jazz_reporting_service	Ibm	5.0 (including)	5.0 (including)
Jazz_reporting_service	Ibm	5.0.1 (including)	5.0.1 (including)
Jazz_reporting_service	Ibm	5.0.2 (including)	5.0.2 (including)
Jazz_reporting_service	Ibm	6.0 (including)	6.0 (including)
Jazz_reporting_service	Ibm	6.0.1 (including)	6.0.1 (including)
Jazz_reporting_service	Ibm	6.0.2 (including)	6.0.2 (including)

References

http://www.ibm.com/support/docview.wss?uid=swg21991154
http://www.securityfocus.com/bid/94848
http://www.ibm.com/support/docview.wss?uid=swg21991154
http://www.securityfocus.com/bid/94848