CVE-2016-9707
https://notcve.org/view.php?id=CVE-2016-9707
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. IBM Jazz Foundation es vulnerable a una denegación de servicio, causada por un error de XML Entity Injection XXE XML al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles. • http://www.securityfocus.com/bid/97171 https://www.ibm.com/support/docview.wss?uid=swg22000784 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2016-6055
https://notcve.org/view.php?id=CVE-2016-6055
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515. IBM Rational DOORS Next Generation 4.0, 5.0 y 6.0 es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz web alterando así la funcionalidad prevista conduciendo potencialmente a divulgación de credenciales en una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21995515 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-6060
https://notcve.org/view.php?id=CVE-2016-6060
An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547. Una vulnerabilidad no revelada en IBM Rational DOORS Next Generation 4.0, 5.0 y 6.0 podría permitir a un usuario JazzGuest ver nombres de proyectos. IBM Referencia #: 1995547. • http://www.ibm.com/support/docview.wss?uid=swg21995547 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9748
https://notcve.org/view.php?id=CVE-2016-9748
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system. IBM Rational DOORS Next Generation 5.0 y 6.0 revela información sensible en mensajes de respuesta a errores que puede ser usada para otros ataques contra el sistema. • http://www.ibm.com/support/docview.wss?uid=swg21991461 http://www.securityfocus.com/bid/96074 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-1128
https://notcve.org/view.php?id=CVE-2017-1128
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Rational DOORS Next Generation 4.0, 5.0 y 6.0 es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz Web alterando así la funcionalidad intencionada conduciendo potencialmente a la divulgación de credenciales en una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21996645 http://www.securityfocus.com/bid/96017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •