CVE-2015-7485
https://notcve.org/view.php?id=CVE-2015-7485
Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108626. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Rational Engineering Lifecycle Manager 3.0 anterior a 3.0.1.6 iFix7 Interim Fix 1, 4.0 anterior a 4.0.7 iFix10, 5.0 anterior a 5.0.2 iFix15 y 6.0 anterior a 6.0.1 iFix4 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. IBM X-Force ID: 108626. • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 https://exchange.xforce.ibmcloud.com/vulnerabilities/108626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-7486
https://notcve.org/view.php?id=CVE-2015-7486
Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108633. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Rational Engineering Lifecycle Manager 3.0 anterior a 3.0.1.6 iFix7 Interim Fix 1, 4.0 anterior a 4.0.7 iFix10, 5.0 anterior a 5.0.2 iFix15 y 6.0 anterior a 6.0.1 iFix4 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. IBM X-Force ID: 108633. • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 https://exchange.xforce.ibmcloud.com/vulnerabilities/108633 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-7474
https://notcve.org/view.php?id=CVE-2015-7474
Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108501. Vulnerabilidad de Cross-Site Scripting (XSS) en Jazz Foundation en IBM Rational Engineering Lifecycle Manager 3.0 anterior a 3.0.1.6 iFix7 Interim Fix 1, 4.0 anterior a 4.0.7 iFix10, 5.0 anterior a 5.0.2 iFix15 y 6.0 anterior a 6.0.1 iFix4 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. IBM X-Force ID: 108501. • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 https://exchange.xforce.ibmcloud.com/vulnerabilities/108501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-7484
https://notcve.org/view.php?id=CVE-2015-7484
IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619. IBM Rational Engineering Lifecycle Manager 3.0 anteriores a 3.0.1.6 iFix7 Interim Fix 1 y 4.0 anteriores a 4.0.7 iFix10 permite que usuarios autenticados remotos con acceso a proyectos lifecycle obtengan información sensible mediante el envío de una URL manipulada a Lifecycle Query Engine. IBM X-Force ID: 108619. • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 https://exchange.xforce.ibmcloud.com/vulnerabilities/108619 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-4962
https://notcve.org/view.php?id=CVE-2015-4962
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified project areas, which allows remote authenticated users to obtain sensitive information via unknown vectors. Jazz Team Server en Jazz Foundation en IBM Rational Collaborative Lifecycle Management (CLM) 3.x y 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Quality Manager (RQM) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Team Concert (RTC) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Requirements Composer (RRC) 3.x en versiones anteriores a 3.0.1.6 IF7 y 4.x en versiones anteriores a 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x hasta la versión 4.0.7, 5.x hasta la versión 5.0.2 y 6.x en versiones anteriores a 6.0.1; Rational Rhapsody Design Manager (DM) 4.x hasta la versión 4.0.7, 5.x hasta la versión 5.0.2 y 6.x en versiones anteriores a 6.0.1; y Rational Software Architect Design Manager (DM) 4.x hasta la versión 4.0.7, 5.x hasta la versión 5.0.2 y 6.x en versiones anteriores a 6.0.1 utiliza permisos débiles para áreas de proyecto no especificadas, lo que permite a usuarios remotos autenticados obtener información sensible a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21973404 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •