Page 27 of 136 results (0.009 seconds)

CVSS: 3.5EPSS: 0%CPEs: 53EXPL: 0

Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad XSS en Jazz Team Server en Jazz Foundation en IBM Rational Collaborative Lifecycle Management (CLM) en la versión 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Quality Manager (RQM) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Team Concert (RTC) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x través de 4.0.7; y Rational DOORS Next Generation (RDNG) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5, permite a atacantes remotos inyectar secuencias de comandos o HTML arbitrario por medio de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21960407 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 160EXPL: 0

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Jazz Team Server en Jazz Foundation en Rational Collaborative Lifecycle Management (CLM) de IBM versión 3.0.1, versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Quality Manager (RQM) versiones 2.0 hasta 2.0.1, versiones 3.0 hasta 3.0.1.6, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; Rational Team Concert (RTC) versiones 2.0 hasta 2.0.0.2, versiones 3.x y anteriores a 3.0.1.6 IF6, versiones 4.x y anteriores a 4.0.7 IF5, y versiones 5.x y anteriores a 5.0.2 IF4; Rational Requirements Composer (RRC) versiones 2.0 hasta 2.0.0.4, versiones 3.x y anteriores a 3.0.1.6 IF6, y versiones 4.0 hasta 4.0.7; Rational DOORS Next Generation (RDNG) versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) versiones 1.0 hasta 1.0.0.1, versiones 4.0.3 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; Rational Rhapsody Design Manager (DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; y Rational Software Architect Design Manager (RSA DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2, permite a los usuarios autenticados remotos leer archivos arbitrarios por medio de una declaración de tipo XML external entity en conjunto con una referencia de entidad, relacionada con un problema de tipo XML External Entity (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21957763 •

CVSS: 5.0EPSS: 0%CPEs: 86EXPL: 0

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request. El sistema de ayuda de Jazz en IBM Rational Collaborative Lifecycle Management 4.0 hasta 5.0.2, Rational Quality Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Team Concert 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Requirements Composer 4.0 hasta 4.0.7, Rational DOORS Next Generation 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Rhapsody Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, y Rational Software Architect Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2 permite a atacantes remotos leer código JSP de fuente a través de una solicitud manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21882770 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 91EXPL: 0

IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors. IBM Rational Jazz Team Server (JTS), utilixado en Rational Collaborative Lifecycle Management 3.x y 4.x y 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Quality Manager 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational Team Concert 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational DOORS Next Generation 4.x anterior a 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Requirements Composer 2.x y 3.x anterior a 3.0.1.6 iFix5; y otros productos, permite a usuarios remotos autenticados leer los paneles de control de usuarios arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21698247 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 91EXPL: 0

IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors. IBM Rational Jazz Team Server (JTS), utilizado en Rational Collaborative Lifecycle Management 3.x y 4.x anterior a 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Quality Manager 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational Team Concert 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational DOORS Next Generation 4.x anterior a 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Requirements Composer 2.x y 3.x anterior a 3.0.1.6 iFix5; y otros productos, permite a usuarios remotos autenticados eliminar los paneles de control de usuarios arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21698247 • CWE-264: Permissions, Privileges, and Access Controls •