CVSS: 2.1EPSS: 0%CPEs: 16EXPL: 0CVE-2013-3043
https://notcve.org/view.php?id=CVE-2013-3043
Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files. Vulnerabilidad de recorrido de directorios en el cliente de IBM Rational Software Architect Manager y Rhapsody Design Manager 3.x y 4.x (anteriores a 4.0.5) permite a usuarios locales leer archivos de forma arbitraria a través de vectores que involucran archivos temporales. • http://www-01.ibm.com/support/docview.wss?uid=swg21655724 https://exchange.xforce.ibmcloud.com/vulnerabilities/84769 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.1EPSS: 0%CPEs: 16EXPL: 0CVE-2013-3042
https://notcve.org/view.php?id=CVE-2013-3042
Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files. Vulnerabilidad de recorrido de directorios en el servidor IBM Rational Software Architect Design Manager y Rhapsody Design Manager 3.x y 4.x (anteriores a 4.0.5) permite a usuarios locales leer archivos a traves de vectores que involucran archivos temporales. • http://www-01.ibm.com/support/docview.wss?uid=swg21655724 https://exchange.xforce.ibmcloud.com/vulnerabilities/84768 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2009-4052
https://notcve.org/view.php?id=CVE-2009-4052
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en JSF Widget Library Runtime de IBM Rational Application Developer de WebSphere Software en versiones anteriores a la v7.0.0.10 y Rational Software Architect en versiones anteriores a la v7.0.0.10 permiten a los usuarios remotos inyectar codigo de script web o código HTML a través de vectores de ataque que involucran (1) JSF Tree Control y (2) JavaScript Resource Servlet. • http://secunia.com/advisories/37442 http://www-01.ibm.com/support/docview.wss?uid=swg1PK90616 http://www-01.ibm.com/support/docview.wss?uid=swg1PK94324 http://www-01.ibm.com/support/docview.wss?uid=swg27012378 http://www-01.ibm.com/support/docview.wss?uid=swg27012558 http://www.osvdb.org/60319 http://www.securityfocus.com/bid/37083 https://exchange.xforce.ibmcloud.com/vulnerabilities/54360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •