CVE-2016-9696
https://notcve.org/view.php?id=CVE-2016-9696
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960. IBM Rhapsody DM 4.0, 5.0, y 6.0 es vulnerable a inyección de HTML. Un atacante remoto podría inyectar código HTLM malicioso HTML, que cuando se ve, sería ejecutado en el navegador web de la víctima dentro del contexto de seguridad del sitio de alojamiento. • http://www.ibm.com/support/docview.wss?uid=swg21999960 http://www.securityfocus.com/bid/96830 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-8974
https://notcve.org/view.php?id=CVE-2016-8974
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798. IBM Rhapsody DM 4.0, 5.0 y 6.0 es vulnerable a una denegación de servicio, provocada por un error XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles. • http://www.ibm.com/support/docview.wss?uid=swg21997798 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2016-2987
https://notcve.org/view.php?id=CVE-2016-2987
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. Una vulnerabilidad no revelada en las aplicaciones CLM puede provocar que algunos parámetros de implementación administrativa se muestren a un atacante. • http://www.securityfocus.com/bid/95109 https://www.ibm.com/support/docview.wss?uid=swg21996097 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-3014
https://notcve.org/view.php?id=CVE-2016-3014
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17 y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21992151 http://www.securityfocus.com/bid/93515 http://www.securitytracker.com/id/1037025 http://www.securitytracker.com/id/1037026 http://www.securitytracker.com/id/1037027 http://www.securitytracker.com/id/1037028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-2926
https://notcve.org/view.php?id=CVE-2016-2926
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21993444 http://www.securityfocus.com/bid/94146 http://www.securitytracker.com/id/1037276 http://www.securitytracker.com/id/1037277 http://www.securitytracker.com/id/1037278 http://www.securitytracker.com/id/1037279 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •