Page 14 of 79 results (0.006 seconds)

CVSS: 8.1EPSS: 0%CPEs: 29EXPL: 0

IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665. IBM Team Concert (RTC) es vulnerable a una denegación de servicio, causada por un error XML Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles. • http://www.ibm.com/support/docview.wss?uid=swg22002429 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.4EPSS: 0%CPEs: 29EXPL: 0

IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896. IBM Rational Quality Manager es vulnerable a XSS. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que conduciría a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22002429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: 109EXPL: 0

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. IBM Jazz Foundation es vulnerable a una denegación de servicio, causada por un error de XML Entity Injection XXE XML al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles. • http://www.securityfocus.com/bid/97171 https://www.ibm.com/support/docview.wss?uid=swg22000784 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 4.3EPSS: 0%CPEs: 92EXPL: 0

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. Una vulnerabilidad no revelada en las aplicaciones CLM puede provocar que algunos parámetros de implementación administrativa se muestren a un atacante. • http://www.securityfocus.com/bid/95109 https://www.ibm.com/support/docview.wss?uid=swg21996097 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 101EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21993444 http://www.securityfocus.com/bid/94146 http://www.securitytracker.com/id/1037276 http://www.securitytracker.com/id/1037277 http://www.securitytracker.com/id/1037278 http://www.securitytracker.com/id/1037279 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •