CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1606
https://notcve.org/view.php?id=CVE-2018-1606
06 Nov 2018 — IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM ... • http://www.ibm.com/support/docview.wss?uid=ibm10738301 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1558
https://notcve.org/view.php?id=CVE-2018-1558
02 Oct 2018 — IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956. IBM Rational Collaborative Lifecycle Management, de la versión 5.0 a la 5.02 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS). Esta vu... • http://www.ibm.com/support/docview.wss?uid=ibm10732477 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1492
https://notcve.org/view.php?id=CVE-2018-1492
10 Jul 2018 — IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977. Los productos IBM Jazz Foundation podrían permitir que un usuario con acceso físico al sistema inicie sesión como otro usuario debido al error del servidor a la hora de cerrar la sesión anterior correctamente. IBM X-Force ID: 140977. • http://www.ibm.com/support/docview.wss?uid=ibm10716599 • CWE-384: Session Fixation •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1423
https://notcve.org/view.php?id=CVE-2018-1423
10 Jul 2018 — IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026. Los productos IBM Jazz Foundation podrían revelar información sensible a un atacante autenticado que podría conducir a más ataques contra el sistema. IBM X-Force ID: 139026. • http://www.ibm.com/support/docview.wss?uid=ibm10716599 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2017-1237
https://notcve.org/view.php?id=CVE-2017-1237
06 Jul 2018 — IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355. Las aplicaciones basadas en IBM Jazz son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalida... • https://exchange.xforce.ibmcloud.com/vulnerabilities/124355 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2017-1509
https://notcve.org/view.php?id=CVE-2017-1509
06 Jul 2018 — IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719. Los productos IBM Jazz Foundation podrían permitir que un usuario autenticado obtenga información sensible de una traza de pila que se podría utilizar para futuros ataques. IBM X-Force ID: 129719. • https://exchange.xforce.ibmcloud.com/vulnerabilities/129719 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2017-1488
https://notcve.org/view.php?id=CVE-2017-1488
06 Jul 2018 — An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627. Existe una vulnerabilidad no conocida en los productos comunes de Jazz que podría permitir la divulgación de información. IBM X-Force ID: 128627. • https://exchange.xforce.ibmcloud.com/vulnerabilities/128627 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2017-1559
https://notcve.org/view.php?id=CVE-2017-1559
06 Jul 2018 — Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758. Múltiples productos de IBM Rational podrían permitir que un atacante que intercepte peticiones vulnerables divulgue información sensible. IBM X-Force ID: 131758. • https://exchange.xforce.ibmcloud.com/vulnerabilities/131758 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2017-1690
https://notcve.org/view.php?id=CVE-2017-1690
03 Jul 2018 — IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134065. IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versión 5.0 hasta la 5.0.2 y desde la versió... • https://exchange.xforce.ibmcloud.com/vulnerabilities/134065 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2017-1691
https://notcve.org/view.php?id=CVE-2017-1691
03 Jul 2018 — IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134066. IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versión 5.0 hasta la 5.0.2 y desde la versió... • https://exchange.xforce.ibmcloud.com/vulnerabilities/134066 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •