CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1529
https://notcve.org/view.php?id=CVE-2018-1529
IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142291. IBM Rational DOORS Next Generation de la versión 5.0 a la 5.0.2, la versión 6.0 hasta la 6.0.5 y IBM Rational Requirements Composer desde la versión 5.0 hasta la 5.0.2 son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10717531 http://www.securityfocus.com/bid/104928 https://exchange.xforce.ibmcloud.com/vulnerabilities/142291 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2017-1790
https://notcve.org/view.php?id=CVE-2017-1790
IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137035. IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1 y 5.0.2 y desde la versión 6.0 hasta la 6.0.5 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22012660 https://exchange.xforce.ibmcloud.com/vulnerabilities/137035 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 44EXPL: 0CVE-2015-7449
https://notcve.org/view.php?id=CVE-2015-7449
IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221. IBM Rational Collaborative Lifecycle Management (CLM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Quality Manager (RQM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Team Concert (RTC) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Requirements Composer (RRC) en versiones 4.0.x anteriores a la 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6 y versiones 4.0.7 anteriores a iFix1, versiones 5.0.x anteriores a la 5.0.2 iFix1 y versiones 6.0.x anteriores a la 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y en versiones 6.0.2 anteriores a iFix2 podrían permitir que los usuarios locales obtengan información sensible aprovechando el cifrado débil. IBM X-Force ID: 108221. • http://www-01.ibm.com/support/docview.wss?uid=swg21985143 https://exchange.xforce.ibmcloud.com/vulnerabilities/108221 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1546
https://notcve.org/view.php?id=CVE-2017-1546
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915. IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0 y 6.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22010321 http://www.securityfocus.com/bid/101895 https://exchange.xforce.ibmcloud.com/vulnerabilities/130915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2017-1338
https://notcve.org/view.php?id=CVE-2017-1338
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246. IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 y 6.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, alterando las funcionalidades planeadas. • http://www.ibm.com/support/docview.wss?uid=swg22004138 http://www.securityfocus.com/bid/100353 https://exchange.xforce.ibmcloud.com/vulnerabilities/126246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •