CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38868
https://notcve.org/view.php?id=CVE-2021-38868
18 Jul 2022 — IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310. IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) es vulnerable a un ataque de tipo Cross-Site Request Forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/208310 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29799
https://notcve.org/view.php?id=CVE-2021-29799
18 Jul 2022 — IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738. IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) podría permitir a un usuario autenticado obtener información confidencial debido a una comprobación inapropiada del lado del cliente. IBM X-Force ID: 203738 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203738 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29790
https://notcve.org/view.php?id=CVE-2021-29790
18 Jul 2022 — IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440. IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios inser... • https://exchange.xforce.ibmcloud.com/vulnerabilities/203440 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29788
https://notcve.org/view.php?id=CVE-2021-29788
18 Jul 2022 — IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310. IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios inser... • https://exchange.xforce.ibmcloud.com/vulnerabilities/203310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29899
https://notcve.org/view.php?id=CVE-2021-29899
18 Mar 2022 — IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. IBM Engineering Requirements Quality Assistant versiones anteriores a 3.1.3, podría permitir a un usuario autenticado causar una denegación de servicio. IBM X-Force ID: 207413 • https://exchange.xforce.ibmcloud.com/vulnerabilities/207413 •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-29844
https://notcve.org/view.php?id=CVE-2021-29844
27 Oct 2021 — IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facili... • https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 25EXPL: 0CVE-2020-5004
https://notcve.org/view.php?id=CVE-2020-5004
28 Jul 2021 — IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957. Los productos de IBM Jazz Foundation son vulnerables al cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario de la web, alterando así la funcionalid... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192957 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 25EXPL: 0CVE-2020-4974
https://notcve.org/view.php?id=CVE-2020-4974
28 Jul 2021 — IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434. Los productos IBM Jazz Foundation son vulnerables a la falsificación de solicitudes del lado del servidor (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría conducir a la en... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192434 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2021-20507
https://notcve.org/view.php?id=CVE-2021-20507
19 Jul 2021 — IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235. Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de us... • https://exchange.xforce.ibmcloud.com/vulnerabilities/198235 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2021-20520
https://notcve.org/view.php?id=CVE-2021-20520
30 Mar 2021 — IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572. Los Productos de IBM Jazz Foundation son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así... • https://exchange.xforce.ibmcloud.com/vulnerabilities/198572 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •