44 results (0.031 seconds)

CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0

IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 140091. IBM Rhapsody DM, desde la versión 5.0 hasta la 5.0.2 y desde la versión 6.0 hasta la 6.0.5 es vulnerable a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=swg22016795 https://exchange.xforce.ibmcloud.com/vulnerabilities/140091 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0

IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625. IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) podría permitir a un usuario autenticado acceder a ajustes para los que no debería estar autorizado mediante una URL especialmente manipulada. IBM X-Force ID: 132625. • http://www.ibm.com/support/docview.wss?uid=swg22014815 http://www.securityfocus.com/bid/103477 https://exchange.xforce.ibmcloud.com/vulnerabilities/132625 • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970. IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) podría permitir que un usuario autenticado obtenga información sensible de una petición HTTP especialmente manipulada que podría emplear como ayuda para futuros ataques. IBM X-Force ID: 129970. • http://www.ibm.com/support/docview.wss?uid=swg22014815 http://www.securityfocus.com/bid/103477 https://exchange.xforce.ibmcloud.com/vulnerabilities/129970 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.3EPSS: 0%CPEs: 44EXPL: 0

IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221. IBM Rational Collaborative Lifecycle Management (CLM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Quality Manager (RQM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Team Concert (RTC) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Requirements Composer (RRC) en versiones 4.0.x anteriores a la 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6 y versiones 4.0.7 anteriores a iFix1, versiones 5.0.x anteriores a la 5.0.2 iFix1 y versiones 6.0.x anteriores a la 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y en versiones 6.0.2 anteriores a iFix2 podrían permitir que los usuarios locales obtengan información sensible aprovechando el cifrado débil. IBM X-Force ID: 108221. • http://www-01.ibm.com/support/docview.wss?uid=swg21985143 https://exchange.xforce.ibmcloud.com/vulnerabilities/108221 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •

CVSS: 6.1EPSS: 0%CPEs: 41EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108296. Vulnerabilidad Cross-Site Scripting (XSS) en IBM Rational Collaborative Lifecycle Management (CLM) en versiones 3.0.1 anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x anteriores a 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6 y 4.0.7 anteriores a iFix10, 5.0.x anteriores a 5.0.2 iFix1 y 6.0.x anteriores a 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. IBM X-Force ID: 108296. • http://www-01.ibm.com/support/docview.wss?uid=swg21982747 https://exchange.xforce.ibmcloud.com/vulnerabilities/108296 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •