CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1762
https://notcve.org/view.php?id=CVE-2018-1762
29 Nov 2018 — IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616. IBM Rational Collaborative Lifecycle Management desde la versión 5.0 hasta la 5.0.2 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS).... • http://www.securityfocus.com/bid/106053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1694
https://notcve.org/view.php?id=CVE-2018-1694
06 Nov 2018 — IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Ration... • http://www.ibm.com/support/docview.wss?uid=ibm10738301 •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1606
https://notcve.org/view.php?id=CVE-2018-1606
06 Nov 2018 — IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM ... • http://www.ibm.com/support/docview.wss?uid=ibm10738301 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1846
https://notcve.org/view.php?id=CVE-2018-1846
02 Nov 2018 — IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945. IBM Rational Engineering Lifecycle Manager de la versión 5.0 a la 5.0.2 y de la versión 6.0 a la 6.0.6 es vulnerable a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacant... • http://www.ibm.com/support/docview.wss?uid=ibm10738075 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1558
https://notcve.org/view.php?id=CVE-2018-1558
02 Oct 2018 — IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956. IBM Rational Collaborative Lifecycle Management, de la versión 5.0 a la 5.02 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS). Esta vu... • http://www.ibm.com/support/docview.wss?uid=ibm10732477 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1539
https://notcve.org/view.php?id=CVE-2018-1539
25 Sep 2018 — IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561. IBM Rational Engineering Lifecycle Manager, desde la versión 5.0 hasta la 5.02 y desde la versión 6.0 hasta la 6.0.6, podría permitir que atacantes remotos omitan la autenticación mediante una petición directa o navegación forzada a una página distinta de la URL planeada. IBM ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/142561 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1560
https://notcve.org/view.php?id=CVE-2018-1560
25 Sep 2018 — IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142958. IBM Rational Engineering Lifecycle Manager, de la versión 5.0 a la 5.02 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilida... • https://exchange.xforce.ibmcloud.com/vulnerabilities/142958 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1659
https://notcve.org/view.php?id=CVE-2018-1659
25 Sep 2018 — IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885. IBM Rational Engineering Lifecycle Manager, de la versión 5.0 a la 5.02 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilida... • https://exchange.xforce.ibmcloud.com/vulnerabilities/144885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1588
https://notcve.org/view.php?id=CVE-2018-1588
25 Sep 2018 — IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143501. IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager de la versión 5.0 a la 5.02 y de la versión 6.0 a la 6.0.6) es vulnerable a ataques de tipo XML External Entity Injectio... • https://exchange.xforce.ibmcloud.com/vulnerabilities/143501 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1607
https://notcve.org/view.php?id=CVE-2018-1607
25 Sep 2018 — IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797. IBM Rational Engineering Lifecycle Manager de la versión 5.0 a la 5.02 y de la versión 6.0 a la 6.0.6 es vulnerable a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante r... • https://exchange.xforce.ibmcloud.com/vulnerabilities/143797 • CWE-611: Improper Restriction of XML External Entity Reference •