CVSS: 3.5EPSS: 0%CPEs: 53EXPL: 0CVE-2015-0130
https://notcve.org/view.php?id=CVE-2015-0130
Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad XSS en Jazz Team Server en Jazz Foundation en IBM Rational Collaborative Lifecycle Management (CLM) en la versión 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Quality Manager (RQM) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Team Concert (RTC) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x través de 4.0.7; y Rational DOORS Next Generation (RDNG) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5, permite a atacantes remotos inyectar secuencias de comandos o HTML arbitrario por medio de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21960407 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 160EXPL: 0CVE-2015-0112
https://notcve.org/view.php?id=CVE-2015-0112
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Jazz Team Server en Jazz Foundation en Rational Collaborative Lifecycle Management (CLM) de IBM versión 3.0.1, versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Quality Manager (RQM) versiones 2.0 hasta 2.0.1, versiones 3.0 hasta 3.0.1.6, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; Rational Team Concert (RTC) versiones 2.0 hasta 2.0.0.2, versiones 3.x y anteriores a 3.0.1.6 IF6, versiones 4.x y anteriores a 4.0.7 IF5, y versiones 5.x y anteriores a 5.0.2 IF4; Rational Requirements Composer (RRC) versiones 2.0 hasta 2.0.0.4, versiones 3.x y anteriores a 3.0.1.6 IF6, y versiones 4.0 hasta 4.0.7; Rational DOORS Next Generation (RDNG) versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) versiones 1.0 hasta 1.0.0.1, versiones 4.0.3 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; Rational Rhapsody Design Manager (DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; y Rational Software Architect Design Manager (RSA DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2, permite a los usuarios autenticados remotos leer archivos arbitrarios por medio de una declaración de tipo XML external entity en conjunto con una referencia de entidad, relacionada con un problema de tipo XML External Entity (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21957763 •
CVSS: 5.0EPSS: 0%CPEs: 86EXPL: 0CVE-2015-0113
https://notcve.org/view.php?id=CVE-2015-0113
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request. El sistema de ayuda de Jazz en IBM Rational Collaborative Lifecycle Management 4.0 hasta 5.0.2, Rational Quality Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Team Concert 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Requirements Composer 4.0 hasta 4.0.7, Rational DOORS Next Generation 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Rhapsody Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, y Rational Software Architect Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2 permite a atacantes remotos leer código JSP de fuente a través de una solicitud manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21882770 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 25EXPL: 0CVE-2015-0124
https://notcve.org/view.php?id=CVE-2015-0124
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0128. Vulnerabilidad de XSS en IBM Rational Quality Manager 2.x y 3.x en versiones anteriores a 3.0.1.6 iFix4, 4.x en versiones anteriores a 4.0.7 iFix3 y 5.x en versiones anteriores a 5.0.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, una vulnerabilidad diferente a CVE-2015-0128. • http://www-01.ibm.com/support/docview.wss?uid=swg21696927 http://www.securityfocus.com/bid/73103 http://www.securitytracker.com/id/1031885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 25EXPL: 0CVE-2015-0128
https://notcve.org/view.php?id=CVE-2015-0128
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0124. Vulnerabilidad de XSS en IBM Rational Quality Manager 2.x y 3.x en versiones anteriores a 3.0.1.6 iFix4, 4.x en versiones anteriores a 4.0.7 iFix3 y 5.x en versiones anteriores a 5.0.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, una vulnerabilidad diferente a CVE-2015-0124. • http://www-01.ibm.com/support/docview.wss?uid=swg21697126 http://www.securitytracker.com/id/1031885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •