CVSS: 3.5EPSS: 0%CPEs: 21EXPL: 0CVE-2014-0846
https://notcve.org/view.php?id=CVE-2014-0846
Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Rational Requirements Composer 3.x anterior a 3.0.1.6 iFix2 y 4.x anterior a 4.0.6 y Rational DOORS Next Generation 4.x anterior a 4.0.6 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21664412 http://www.securityfocus.com/bid/65917 https://exchange.xforce.ibmcloud.com/vulnerabilities/90720 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 21EXPL: 0CVE-2014-0845
https://notcve.org/view.php?id=CVE-2014-0845
Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Vulnerabilidad de redirección abierta en IBM Rational Requirements Composer 3.x anterior a 3.0.1.6 iFix2 y 4.x anterior a 4.0.6 y Rational DOORS Next Generation 4.x anterior a 4.0.6 permite a usuarios remotos autenticados redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21664412 http://www.securityfocus.com/bid/65916 https://exchange.xforce.ibmcloud.com/vulnerabilities/90719 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 21EXPL: 0CVE-2014-0844
https://notcve.org/view.php?id=CVE-2014-0844
Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors. Vulnerabilidad no especificada en IBM Rational Requirements Composer 3.x anterior a 3.0.1.6 iFix2 y 4.x anterior a 4.0.6 y Rational DOORS Next Generation 4.x anterior a 4.0.6 permite a usuarios remotos autenticados leer datos arbitrarios a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21664412 https://exchange.xforce.ibmcloud.com/vulnerabilities/90718 •