Page 14 of 74 results (0.016 seconds)

CVSS: 4.3EPSS: 0%CPEs: 131EXPL: 0

Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0; and Rational Software Architect Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote attackers to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en Jazz Team Server en Jazz Foundation en IBM Rational Collaborative Lifecycle Management (CLM) 3.x y 4.x en versiones anteriores a 4.0.7 IF8 y 5.x en versiones anteriores a 5.0.2 IF10; Rational Quality Manager (RQM) 2.x y 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF8 y 5.x en versiones anteriores a 5.0.2 IF10; Rational Team Concert (RTC) 2.x y 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF8 y 5.x en versiones anteriores a 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x y 3.x en versiones anteriores a 3.0.1.6 IF7 y 4.0 hasta la versión 4.0.7; Rational DOORS Next Generation (RDNG) 4.x en versiones anteriores a 4.0.7 IF8 y 5.x en versiones anteriores a 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 hasta la versión 1.0.0.1, 4.0.3 hasta la versión 4.0.7 y 5.0 hasta la versión 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 hasta la versión 3.0.1, 4.0 hasta la versión 4.0.7, 5.0 hasta la versión 5.0.2 y 6.0 y Rational Software Architect Design Manager (DM) 3.0 hasta la versión 3.0.1, 4.0 hasta la versión 4.0.7 y 5.0 hasta la versión 5.0.2 permite a atacantes remotos provocar una denegación de servicio a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21971164 •

CVSS: 6.8EPSS: 0%CPEs: 131EXPL: 0

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. Jazz Team Server en Jazz Foundation en IBM Rational Collaborative Lifecycle Management (CLM) 3.x y 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.x en versiones anteriores a 6.0.0 IF4; Rational Quality Manager (RQM) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.0 en versiones anteriores a 6.0.0 IF4; Rational Team Concert (RTC) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.0 en versiones anteriores a 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x en versiones anteriores a 3.0.1.6 IF7 y 4.x en versiones anteriores a 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.0 en versiones anteriores a 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 hasta la versión 4.0.7, 5.0 hasta la versión 5.0.2 y 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 hasta la versión 4.0.7, 5.0 hasta la versión 5.0.2 y 6.0.0; y Rational Software Architect Design Manager (DM) 4.0 hasta la versión 4.0.7, 5.0 hasta la versión 5.0.2 y 6.0.0 permite a usuarios remotos autenticados llevar a cabo ataques de secuestro de clic a través de una página web manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21973200 http://www.securitytracker.com/id/1034565 http://www.securitytracker.com/id/1034566 http://www.securitytracker.com/id/1034567 http://www.securitytracker.com/id/1034568 • CWE-20: Improper Input Validation •

CVSS: 3.5EPSS: 0%CPEs: 53EXPL: 0

Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad XSS en Jazz Team Server en Jazz Foundation en IBM Rational Collaborative Lifecycle Management (CLM) en la versión 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Quality Manager (RQM) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Team Concert (RTC) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x través de 4.0.7; y Rational DOORS Next Generation (RDNG) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5, permite a atacantes remotos inyectar secuencias de comandos o HTML arbitrario por medio de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21960407 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 160EXPL: 0

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Jazz Team Server en Jazz Foundation en Rational Collaborative Lifecycle Management (CLM) de IBM versión 3.0.1, versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Quality Manager (RQM) versiones 2.0 hasta 2.0.1, versiones 3.0 hasta 3.0.1.6, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; Rational Team Concert (RTC) versiones 2.0 hasta 2.0.0.2, versiones 3.x y anteriores a 3.0.1.6 IF6, versiones 4.x y anteriores a 4.0.7 IF5, y versiones 5.x y anteriores a 5.0.2 IF4; Rational Requirements Composer (RRC) versiones 2.0 hasta 2.0.0.4, versiones 3.x y anteriores a 3.0.1.6 IF6, y versiones 4.0 hasta 4.0.7; Rational DOORS Next Generation (RDNG) versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) versiones 1.0 hasta 1.0.0.1, versiones 4.0.3 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; Rational Rhapsody Design Manager (DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; y Rational Software Architect Design Manager (RSA DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2, permite a los usuarios autenticados remotos leer archivos arbitrarios por medio de una declaración de tipo XML external entity en conjunto con una referencia de entidad, relacionada con un problema de tipo XML External Entity (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21957763 •

CVSS: 5.0EPSS: 0%CPEs: 86EXPL: 0

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request. El sistema de ayuda de Jazz en IBM Rational Collaborative Lifecycle Management 4.0 hasta 5.0.2, Rational Quality Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Team Concert 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Requirements Composer 4.0 hasta 4.0.7, Rational DOORS Next Generation 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Rhapsody Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, y Rational Software Architect Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2 permite a atacantes remotos leer código JSP de fuente a través de una solicitud manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21882770 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •