CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2017-1113
https://notcve.org/view.php?id=CVE-2017-1113
05 Jul 2017 — IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121151. Rational Team Concert (RTC) versiones 4.0, 5.0 y 6.0 de IBM , es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la... • http://www.ibm.com/support/docview.wss?uid=swg22004611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2016-9746
https://notcve.org/view.php?id=CVE-2016-9746
05 Jul 2017 — IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821. IBM Team Concert (RTC) versiones 4.0, 5.0 y 6.0, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario W... • http://www.ibm.com/support/docview.wss?uid=swg22004611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 102EXPL: 0CVE-2016-9973
https://notcve.org/view.php?id=CVE-2016-9973
13 Jun 2017 — IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209. Jazz Foundation de IBM es vulnerable a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, lo que altera la funcionalidad deseada que... • http://www.ibm.com/support/docview.wss?uid=swg22004534 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0CVE-2017-1099
https://notcve.org/view.php?id=CVE-2017-1099
13 Jun 2017 — IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. Jazz Foundation de IBM, podría exponer información potencialmente confidencial a los usuarios autenticados por medio de condiciones de error de rastreo de pila. ID de IBM X-Force: 120659. • http://www.ibm.com/support/docview.wss?uid=swg22004534 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0CVE-2016-9735
https://notcve.org/view.php?id=CVE-2016-9735
15 May 2017 — IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781, IBM Jazz Foundation podría permitir que un usuario autenticado obtenga información confidencial de las trazas de pila. IBM X-Force ID: 119781 • http://www.ibm.com/support/docview.wss?uid=swg22003064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 29EXPL: 0CVE-2016-6035
https://notcve.org/view.php?id=CVE-2016-6035
10 May 2017 — IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896. IBM Rational Quality Manager es vulnerable a XSS. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que conduciría a la divu... • http://www.ibm.com/support/docview.wss?uid=swg22002429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 29EXPL: 0CVE-2017-1103
https://notcve.org/view.php?id=CVE-2017-1103
10 May 2017 — IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665. IBM Team Concert (RTC) es vulnerable a una denegación de servicio, causada por un error XML Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer informa... • http://www.ibm.com/support/docview.wss?uid=swg22002429 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.8EPSS: 0%CPEs: 29EXPL: 0CVE-2016-6037
https://notcve.org/view.php?id=CVE-2016-6037
10 May 2017 — IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918. IBM Rational Team Concert (RTC) es vulnerable a inyección HTML. Un atacante remoto con privilegios de administrador de proyecto podría enviar un proyecto con código HTML malicioso, q... • http://www.ibm.com/support/docview.wss?uid=swg22002429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 109EXPL: 0CVE-2016-9707
https://notcve.org/view.php?id=CVE-2016-9707
31 Mar 2017 — IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. IBM Jazz Foundation es vulnerable a una denegación de servicio, causada por un error de XML Entity Injection XXE XML al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer inform... • http://www.securityfocus.com/bid/97171 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 92EXPL: 0CVE-2016-2987
https://notcve.org/view.php?id=CVE-2016-2987
01 Feb 2017 — An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. Una vulnerabilidad no revelada en las aplicaciones CLM puede provocar que algunos parámetros de implementación administrativa se muestren a un atacante. • http://www.securityfocus.com/bid/95109 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •