CVSS: 7.5EPSS: 0%CPEs: 86EXPL: 0CVE-2015-0113
https://notcve.org/view.php?id=CVE-2015-0113
27 Apr 2015 — The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational S... • http://www-01.ibm.com/support/docview.wss?uid=swg21882770 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 91EXPL: 0CVE-2014-6129
https://notcve.org/view.php?id=CVE-2014-6129
18 Mar 2015 — IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iF... • http://www-01.ibm.com/support/docview.wss?uid=swg21698247 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 91EXPL: 0CVE-2014-6131
https://notcve.org/view.php?id=CVE-2014-6131
18 Mar 2015 — IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iF... • http://www-01.ibm.com/support/docview.wss?uid=swg21698247 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 0CVE-2015-0122
https://notcve.org/view.php?id=CVE-2015-0122
13 Mar 2015 — Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0123. Vulnerabilidad de XSS en IBM Rational Team Concert 2.x y 3.x anterior a 3.0.1.6 iFix 5, 4.x anterior a 4.0.7 iFix3, y 5.x anterior a 5.0.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrari... • http://www-01.ibm.com/support/docview.wss?uid=swg21698253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 0CVE-2015-0123
https://notcve.org/view.php?id=CVE-2015-0123
13 Mar 2015 — Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0122. Vulnerabilidad de XSS en IBM Rational Team Concert 2.x y 3.x anterior a 3.0.1.6 iFix 5, 4.x anterior a 4.0.7 iFix3, y 5.x anterior a 5.0.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrari... • http://www-01.ibm.com/support/docview.wss?uid=swg21698253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 105EXPL: 0CVE-2014-3092
https://notcve.org/view.php?id=CVE-2014-3092
12 Sep 2014 — IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. IBM Jazz Team Server, utilizado en Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x anterior... • http://www-01.ibm.com/support/docview.wss?uid=swg21682787 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3050
https://notcve.org/view.php?id=CVE-2014-3050
29 Jul 2014 — IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors. IBM Rational Team Concert (RTC) 3.x anterior a 3.0.1.6 IF3 y 4.x anterior a 4.0.7 no integra debidamente con los motores build, lo que permite a usuarios remotos autenticados descubrir las credenciales a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21679192 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 54EXPL: 0CVE-2013-5404
https://notcve.org/view.php?id=CVE-2013-5404
10 Dec 2013 — Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element. Vulenrabilidad Cross-site scripting (XSS) en la aplicación de búsqueda en IBM Rational Quality Manager (RQM) 2.0 a 2.0.1.1, 3.0.1.6 3.... • http://www-01.ibm.com/support/docview.wss?uid=swg21653689 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0748
https://notcve.org/view.php?id=CVE-2012-0748
01 Oct 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests that modify work items. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en servicios no determinado en IBM Rational Team Concert (RTC) v4.x anteriores a v4.0.0.1, permite a atacantes remotos secuestrar la autenticación de usuarios para peticiones q... • http://secunia.com/advisories/50789 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2606
https://notcve.org/view.php?id=CVE-2011-2606
30 Jun 2011 — Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Web UI in IBM Rational Team Concert (RTC) v3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un parámetro no especificado, también conocido cómo Work Item 165511. • http://secunia.com/advisories/44926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •