CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1952
https://notcve.org/view.php?id=CVE-2018-1952
14 Mar 2019 — IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495. IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager, desde la versión 5.0 hasta la 6.0.6) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permit... • http://www.ibm.com/support/docview.wss?uid=ibm10875340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1916
https://notcve.org/view.php?id=CVE-2018-1916
14 Mar 2019 — IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740. IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager, desde la versión 5.0 hasta la 6.0.6) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permit... • http://www.ibm.com/support/docview.wss?uid=ibm10875340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1688
https://notcve.org/view.php?id=CVE-2018-1688
14 Mar 2019 — IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509. IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management, desde la versión 5.0 hasta la 6.0.6) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabili... • http://www.ibm.com/support/docview.wss?uid=ibm10875340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1762
https://notcve.org/view.php?id=CVE-2018-1762
29 Nov 2018 — IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616. IBM Rational Collaborative Lifecycle Management desde la versión 5.0 hasta la 5.0.2 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS).... • http://www.securityfocus.com/bid/106053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1606
https://notcve.org/view.php?id=CVE-2018-1606
06 Nov 2018 — IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM ... • http://www.ibm.com/support/docview.wss?uid=ibm10738301 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1694
https://notcve.org/view.php?id=CVE-2018-1694
06 Nov 2018 — IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Ration... • http://www.ibm.com/support/docview.wss?uid=ibm10738301 •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1558
https://notcve.org/view.php?id=CVE-2018-1558
02 Oct 2018 — IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956. IBM Rational Collaborative Lifecycle Management, de la versión 5.0 a la 5.02 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS). Esta vu... • http://www.ibm.com/support/docview.wss?uid=ibm10732477 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2018-1394
https://notcve.org/view.php?id=CVE-2018-1394
20 Aug 2018 — Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425. Múltiples productos IBM Rational son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/138425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2017-1753
https://notcve.org/view.php?id=CVE-2017-1753
20 Aug 2018 — Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655. Múltiples productos IBM Rational son vulnerables a inyección HTML. Un atacante remoto podría ejecutar código HTML malicioso que, cuando se visualice, se ejecutaría en el navegador web de la víctima en el contexto de seguridad del sitio anfitrión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/135655 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1587
https://notcve.org/view.php?id=CVE-2018-1587
19 Jul 2018 — IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500. IBM Rational Rhapsody Design Manager desde la versión 5.0 hasta la 5.0.2 y desde la versión 6.0 hasta la 6.0.5 y IBM Rational Software Architect Design Manage... • http://www.ibm.com/support/docview.wss?uid=ibm10716029 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •