CNNVD-202510-4397 Information
CNNVD ID
CNNVD-202510-4397
Related CVE
- CNNVD Published: 2025-10-31
Description (Chinese)
IBM Jazz for Service Management是美国国际商业机器(IBM)公司的一款提供对服务管理环境可见性的集成服务管理产品。 IBM Jazz for Service Management 1.1.3.0版本至1.1.3.25版本存在安全漏洞,该漏洞源于未在授权令牌或会话cookie上设置安全属性,可能导致攻击者通过发送http链接或植入恶意链接获取cookie值。
Description (English)
IBM Jazz for Service Management is an integrated service management product provided by the United States International Business Machinery (IBM) company that provides visibility to the service management environment. IBM Jazz for Service Management Versions 1.1.3.0 to 1.1.3.25 have a security loophole, which stems from the failure to set security attributes on authorized tokens or session cookies, which may lead the assailant to obtain the cookie values by sending a link to http or embedding a malicious link.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
国际商业机器
Published
2025-10-31
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7249820 https://access.redhat.com/security/cve/cve-2025-36249
Patch
https://www.ibm.com/support/pages/node/7249820
Share on: