CVE-2015-0113
https://notcve.org/view.php?id=CVE-2015-0113
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request. El sistema de ayuda de Jazz en IBM Rational Collaborative Lifecycle Management 4.0 hasta 5.0.2, Rational Quality Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Team Concert 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Requirements Composer 4.0 hasta 4.0.7, Rational DOORS Next Generation 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Rhapsody Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, y Rational Software Architect Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2 permite a atacantes remotos leer código JSP de fuente a través de una solicitud manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21882770 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-0132
https://notcve.org/view.php?id=CVE-2015-0132
The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. El analizador sintáctico de XML en IBM Rational DOORS Next Generation 4.x anterior a 4.0.7 iFix3 y 5.x anterior a 5.0.2 y Rational Requirements Composer 2.x y 3.x anterior a 3.0.1.6 iFix5 y 4.x anterior a 4.0.7 iFix3 no detecta correctamente la recursión durante la expansión de entidades, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un documento XML que contiene un número grande de referencias de entidad anidadas, un problema similar a CVE-2003-1564. • http://www-01.ibm.com/support/docview.wss?uid=swg21698248 • CWE-399: Resource Management Errors •
CVE-2014-6131
https://notcve.org/view.php?id=CVE-2014-6131
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors. IBM Rational Jazz Team Server (JTS), utilixado en Rational Collaborative Lifecycle Management 3.x y 4.x y 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Quality Manager 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational Team Concert 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational DOORS Next Generation 4.x anterior a 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Requirements Composer 2.x y 3.x anterior a 3.0.1.6 iFix5; y otros productos, permite a usuarios remotos autenticados leer los paneles de control de usuarios arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21698247 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-6129
https://notcve.org/view.php?id=CVE-2014-6129
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors. IBM Rational Jazz Team Server (JTS), utilizado en Rational Collaborative Lifecycle Management 3.x y 4.x anterior a 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Quality Manager 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational Team Concert 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational DOORS Next Generation 4.x anterior a 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Requirements Composer 2.x y 3.x anterior a 3.0.1.6 iFix5; y otros productos, permite a usuarios remotos autenticados eliminar los paneles de control de usuarios arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21698247 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-0125
https://notcve.org/view.php?id=CVE-2015-0125
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Rational DOORS Next Generation 4.x anterior a 4.0.7 iFix3 y 5.x anterior a 5.0.2 y Rational Requirements Composer 4.x anterior a 4.0.7 iFix3 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21697297 http://www.securityfocus.com/bid/73105 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •