CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41779 – IBM Engineering Systems Design Rhapsody - Model Manager
https://notcve.org/view.php?id=CVE-2024-41779
22 Nov 2024 — IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 y 7.0.3 podría permitir que un atacante remoto eluda las restricciones de seguridad provocadas por una condición de ejecución. Al enviar una solicitud especialmente manipulada,... • https://www.ibm.com/support/pages/node/7172535 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.4EPSS: 0%CPEs: 38EXPL: 0CVE-2021-20519
https://notcve.org/view.php?id=CVE-2021-20519
12 Apr 2021 — IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcio... • https://exchange.xforce.ibmcloud.com/vulnerabilities/198441 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2020-4965
https://notcve.org/view.php?id=CVE-2020-4965
12 Apr 2021 — IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422. Los productos IBM Jazz Team Server utilizan algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 192422 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192422 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2020-4964
https://notcve.org/view.php?id=CVE-2020-4964
12 Apr 2021 — IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419. Los productos de IBM Jazz Team Server contienen una vulnerabilidad no revelada que podría permitir a un usuario autenticado presentar un mensaje personalizado en la aplicación que podría ser usado para hacer un ataque de phishing a otros usuarios. IBM X-Force ID: 192419 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192419 •
CVSS: 6.4EPSS: 0%CPEs: 38EXPL: 0CVE-2020-4920
https://notcve.org/view.php?id=CVE-2020-4920
12 Apr 2021 — IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alter... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 30EXPL: 0CVE-2021-20357
https://notcve.org/view.php?id=CVE-2021-20357
27 Jan 2021 — IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963. Los productos de IBM Jazz Foundation, son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la fu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/194963 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 30EXPL: 0CVE-2020-4865
https://notcve.org/view.php?id=CVE-2020-4865
27 Jan 2021 — IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741. Los productos de IBM Jazz Foundation, son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la fu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/190741 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 30EXPL: 0CVE-2020-4855
https://notcve.org/view.php?id=CVE-2020-4855
27 Jan 2021 — IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457. Los productos de IBM Jazz Foundation, son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la fu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/190457 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 30EXPL: 0CVE-2020-4547
https://notcve.org/view.php?id=CVE-2020-4547
27 Jan 2021 — IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315. Los productos de IBM Jazz Foundation, podrían permitir a un atacante remoto secuestrar la acción de clic de la víctima. Al persuadir a una víctima para visitar un sitio web malicios... • https://exchange.xforce.ibmcloud.com/vulnerabilities/183315 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.4EPSS: 0%CPEs: 30EXPL: 0CVE-2020-4524
https://notcve.org/view.php?id=CVE-2020-4524
27 Jan 2021 — IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434. Los productos de IBM Jazz Foundation, son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la fu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •