CVSS: 5.3EPSS: 0%CPEs: 105EXPL: 0CVE-2014-3092
https://notcve.org/view.php?id=CVE-2014-3092
12 Sep 2014 — IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. IBM Jazz Team Server, utilizado en Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x anterior... • http://www-01.ibm.com/support/docview.wss?uid=swg21682787 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2014-0844
https://notcve.org/view.php?id=CVE-2014-0844
04 Mar 2014 — Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors. Vulnerabilidad no especificada en IBM Rational Requirements Composer 3.x anterior a 3.0.1.6 iFix2 y 4.x anterior a 4.0.6 y Rational DOORS Next Generation 4.x anterior a 4.0.6 permite a usuarios remotos autenticados leer datos arbitrarios a través de vectores desconocido... • http://www-01.ibm.com/support/docview.wss?uid=swg21664412 •
CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 0CVE-2014-0845
https://notcve.org/view.php?id=CVE-2014-0845
04 Mar 2014 — Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Vulnerabilidad de redirección abierta en IBM Rational Requirements Composer 3.x anterior a 3.0.1.6 iFix2 y 4.x anterior a 4.0.6 y Rational DOORS Next Generation 4.x anterior a 4.0.6 permite a usuarios remotos autenticados r... • http://www-01.ibm.com/support/docview.wss?uid=swg21664412 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 0CVE-2014-0846
https://notcve.org/view.php?id=CVE-2014-0846
04 Mar 2014 — Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Rational Requirements Composer 3.x anterior a 3.0.1.6 iFix2 y 4.x anterior a 4.0.6 y Rational DOORS Next Generation 4.x anterior a 4.0.6 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrar... • http://www-01.ibm.com/support/docview.wss?uid=swg21664412 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 54EXPL: 0CVE-2013-5404
https://notcve.org/view.php?id=CVE-2013-5404
10 Dec 2013 — Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element. Vulenrabilidad Cross-site scripting (XSS) en la aplicación de búsqueda en IBM Rational Quality Manager (RQM) 2.0 a 2.0.1.1, 3.0.1.6 3.... • http://www-01.ibm.com/support/docview.wss?uid=swg21653689 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3037
https://notcve.org/view.php?id=CVE-2013-3037
12 Sep 2013 — Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. Vulnerabilidad sin especificar en IBM Rational Requirements Composer anterior a 4.0.4 facilita a atacantes locales escalar privilegios través de vectores desconocidos • http://www-01.ibm.com/support/docview.wss?uid=swg21645927 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3036
https://notcve.org/view.php?id=CVE-2013-3036
12 Sep 2013 — Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Vulnerabilidad de redirección abierta en IBM Rational Requirements Composer anterior a v4.0.4 permite a usuarios autenticados remotamente redireccionar a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21645927 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3038
https://notcve.org/view.php?id=CVE-2013-3038
12 Sep 2013 — Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. Vulnerabilidad sin especificar en IBM Rational Requirements Composer anterior a 4.0.4 facilita a atacantes remotos descubrir credenciales a través de vectores desconocidos • http://www-01.ibm.com/support/docview.wss?uid=swg21645927 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3039
https://notcve.org/view.php?id=CVE-2013-3039
12 Sep 2013 — IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. IBM Rational Requirements Composer anterior a v4.0.4 no realiza una autenticación adecuada, lo cual tiene un impacto no especificado y vectores de ataque remotos. • http://www-01.ibm.com/support/docview.wss?uid=swg21645927 • CWE-287: Improper Authentication •