CVSS: 6.1EPSS: 0%CPEs: 41EXPL: 0CVE-2015-7453
https://notcve.org/view.php?id=CVE-2015-7453
15 Mar 2018 — Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0... • http://www-01.ibm.com/support/docview.wss?uid=swg21982747 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 0CVE-2015-7440
https://notcve.org/view.php?id=CVE-2015-7440
15 Mar 2018 — IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements... • http://www-01.ibm.com/support/docview.wss?uid=swg21982747 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.8EPSS: 0%CPEs: 41EXPL: 0CVE-2015-7471
https://notcve.org/view.php?id=CVE-2015-7471
15 Mar 2018 — Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0... • http://www-01.ibm.com/support/docview.wss?uid=swg21982747 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 130EXPL: 0CVE-2016-0219
https://notcve.org/view.php?id=CVE-2016-0219
16 Jan 2018 — XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693. Vulnerabilidad de XEE (XML External Entity) en IBM Rational Team Concert 3.0 en versiones anteriores a la 3.0.1.6 iFix7 Interim Fix 1, 4.0 en versiones anteriores a la 4.0.7 iFix10, 5.0 en versiones anteriores a la 5.... • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2017-1365
https://notcve.org/view.php?id=CVE-2017-1365
27 Dec 2017 — IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858. IBM Team Concert (RTC incluido IBM Rational Collaborative Lifecycle Management 4.0, 5.0 y 6.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabili... • http://www.ibm.com/support/docview.wss?uid=swg22011815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2017-1191
https://notcve.org/view.php?id=CVE-2017-1191
27 Dec 2017 — An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661. Es posible que una vulnerabilidad no revelada en las aplicaciones CLM (incluido IBM Rational Collaborative Lifecycle Management 4.0, 5.0 y 6.0) no restrinja el acceso URL. IBM X-Force ID: 123661. • http://www.ibm.com/support/docview.wss?uid=swg22011815 •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1546
https://notcve.org/view.php?id=CVE-2017-1546
13 Dec 2017 — IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915. IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0 y 6.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario we... • http://www.ibm.com/support/docview.wss?uid=swg22010321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0CVE-2017-1507
https://notcve.org/view.php?id=CVE-2017-1507
11 Dec 2017 — IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. IBM Jazz Foundation Products podría revelar información sensible durante un escaneo que podría conducir a más ataques contra el sistema. IBM X-Force ID: 129619. • http://www.ibm.com/support/docview.wss?uid=swg22010627 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1461
https://notcve.org/view.php?id=CVE-2017-1461
27 Nov 2017 — IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128460. IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 y 6.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web,... • http://www.ibm.com/support/docview.wss?uid=swg22010321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0CVE-2017-1570
https://notcve.org/view.php?id=CVE-2017-1570
27 Nov 2017 — IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. Los productos IBM Jazz Foundation podrían permitir que un usuario autenticado obtenga información sensible de seguimientos de pila. IBM X-Force ID: 131852. • http://www.ibm.com/support/docview.wss?uid=swg22010512 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •