CVE-2015-1928
https://notcve.org/view.php?id=CVE-2015-1928
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. Jazz Team Server en Jazz Foundation en IBM Rational Collaborative Lifecycle Management (CLM) 3.x y 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.x en versiones anteriores a 6.0.0 IF4; Rational Quality Manager (RQM) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.0 en versiones anteriores a 6.0.0 IF4; Rational Team Concert (RTC) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.0 en versiones anteriores a 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x en versiones anteriores a 3.0.1.6 IF7 y 4.x en versiones anteriores a 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.0 en versiones anteriores a 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 hasta la versión 4.0.7, 5.0 hasta la versión 5.0.2 y 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 hasta la versión 4.0.7, 5.0 hasta la versión 5.0.2 y 6.0.0; y Rational Software Architect Design Manager (DM) 4.0 hasta la versión 4.0.7, 5.0 hasta la versión 5.0.2 y 6.0.0 permite a usuarios remotos autenticados llevar a cabo ataques de secuestro de clic a través de una página web manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21973200 http://www.securitytracker.com/id/1034565 http://www.securitytracker.com/id/1034566 http://www.securitytracker.com/id/1034567 http://www.securitytracker.com/id/1034568 • CWE-20: Improper Input Validation •