← Back

CVE-2025-27550

nvd nist
Published: Feb 4, 2026Modified: Feb 23, 2026

JSON object

Loading...
3.5
Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.1 / Impact: 1.4
Source: psirt@us.ibm.com

Description

IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server.

Affected (28)

Ibm
1 product
Jazz Reporting Service
Configuration A
28 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Jazz Reporting Service
Version 7.0.3
Jazz Reporting Service
Version 7.0.3 ifix001
Jazz Reporting Service
Version 7.0.3 ifix002
Jazz Reporting Service
Version 7.0.3 ifix003
Jazz Reporting Service
Version 7.0.3 ifix004
Jazz Reporting Service
Version 7.0.3 ifix005
Jazz Reporting Service
Version 7.0.3 ifix006
Jazz Reporting Service
Version 7.0.3 ifix007
Jazz Reporting Service
Version 7.0.3 ifix008
Jazz Reporting Service
Version 7.0.3 ifix009
Jazz Reporting Service
Version 7.0.3 ifix010
Jazz Reporting Service
Version 7.0.3 ifix011
Jazz Reporting Service
Version 7.0.3 ifix012
Jazz Reporting Service
Version 7.0.3 ifix013
Jazz Reporting Service
Version 7.0.3 ifix014
Jazz Reporting Service
Version 7.0.3 ifix015
Jazz Reporting Service
Version 7.0.3 ifix016
Jazz Reporting Service
Version 7.0.3 ifix017
Jazz Reporting Service
Version 7.0.3 ifix018
Jazz Reporting Service
Version 7.0.3 ifix019
Jazz Reporting Service
Version 7.0.3 ifix020
Jazz Reporting Service
Version 7.1
Jazz Reporting Service
Version 7.1 ifix001
Jazz Reporting Service
Version 7.1 ifix002
Jazz Reporting Service
Version 7.1 ifix003
Jazz Reporting Service
Version 7.1 ifix004-sr1-base
Jazz Reporting Service
Version 7.1 ifix005
Jazz Reporting Service
Version 7.1 ifix006

Related CWEs

CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (1)

Source: psirt@us.ibm.com
Vendor Advisory

Timeline

No history available yet.