CVE-2015-7440
https://notcve.org/view.php?id=CVE-2015-7440
IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098. IBM Rational Collaborative Lifecycle Management (CLM) en versiones 3.0.1 anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x anteriores a 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6 y 4.0.7 anteriores a iFix10, 5.0.x anteriores a 5.0.2 iFix1 y 6.0.x anteriores a 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4 podrían permitir que los usuarios locales obtengan privilegios mediante vectores sin especificar. IBM X-Force ID: 108098. • http://www-01.ibm.com/support/docview.wss?uid=swg21982747 https://exchange.xforce.ibmcloud.com/vulnerabilities/108098 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-0219
https://notcve.org/view.php?id=CVE-2016-0219
XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693. Vulnerabilidad de XEE (XML External Entity) en IBM Rational Team Concert 3.0 en versiones anteriores a la 3.0.1.6 iFix7 Interim Fix 1, 4.0 en versiones anteriores a la 4.0.7 iFix10, 5.0 en versiones anteriores a la 5.0.2 iFix15 y 6.0 en versiones anteriores a la 6.0.1 iFix4 permite que usuarios autenticados remotos provoquen una denegación de servicio (DoS) mediante datos XML manipulados. IBM X-Force ID: 109693. • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 https://exchange.xforce.ibmcloud.com/vulnerabilities/109693 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2017-1546
https://notcve.org/view.php?id=CVE-2017-1546
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915. IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0 y 6.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22010321 http://www.securityfocus.com/bid/101895 https://exchange.xforce.ibmcloud.com/vulnerabilities/130915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1338
https://notcve.org/view.php?id=CVE-2017-1338
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246. IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 y 6.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, alterando las funcionalidades planeadas. • http://www.ibm.com/support/docview.wss?uid=swg22004138 http://www.securityfocus.com/bid/100353 https://exchange.xforce.ibmcloud.com/vulnerabilities/126246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1247
https://notcve.org/view.php?id=CVE-2017-1247
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627. IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 y 6.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código Javascript aleatorio en la interfaz Web, lo que alterará la funcionalidad planeada potencialmente llevando a la revelación de credenciales dentro de una sesión confiable. • http://www.ibm.com/support/docview.wss?uid=swg22002809 http://www.securityfocus.com/bid/99002 https://exchange.xforce.ibmcloud.com/vulnerabilities/124627 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •