CVE-2025-1823
SQL Injection in IBM Jazz Reporting Service Causes DoS
Publication date: 2026-02-04
Last updated on: 2026-02-12
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.0.3 |
| ibm | jazz_reporting_service | 7.1 |
| ibm | jazz_reporting_service | 7.1 |
| ibm | jazz_reporting_service | 7.1 |
| ibm | jazz_reporting_service | 7.1 |
| ibm | jazz_reporting_service | 7.1 |
| ibm | jazz_reporting_service | 7.1 |
| ibm | jazz_reporting_service | 7.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-1823 affects IBM Jazz Reporting Service versions 7.0.3 to 7.0.3iFix020 and 7.1 to 7.1iFix006. It allows an authenticated user on the host network to cause a denial of service by submitting a specially crafted SQL query that consumes excessive memory resources.
This vulnerability is classified under CWE-770, which involves allocation of resources without limits or throttling, leading to resource exhaustion.
How can this vulnerability impact me? :
The vulnerability can impact you by causing a denial of service (DoS) condition on the IBM Jazz Reporting Service. An attacker with authenticated access on the host network can submit crafted SQL queries that consume excessive memory, potentially making the service unavailable.
This results in an availability impact only, with no direct confidentiality or integrity compromise.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection methods or commands provided to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
IBM recommends remediation by applying the following fixes: 7.1iFix007 for version 7.1 and 7.0.3iFix021 for version 7.0.3 of IBM Jazz Reporting Service.
No workarounds or mitigations are provided other than applying these fixes.