CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0CVE-2017-1251
https://notcve.org/view.php?id=CVE-2017-1251
27 Nov 2017 — An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. Una vulnerabilidad no revelada en aplicaciones CLM podría resultar en que algunos parámetros de implementación administrativa se muestren al atacante. IBM X-Force ID: 124631. • http://www.ibm.com/support/docview.wss?uid=swg22010682 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 118EXPL: 0CVE-2016-9700
https://notcve.org/view.php?id=CVE-2016-9700
05 Jul 2017 — IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. IBM Jazz Foundation podría permitir a un atacante autenticado obtener información confidencial de los rastreos de la pila de los mensajes de error. IBM X-Force ID: 119528. • http://www.ibm.com/support/docview.wss?uid=swg22005435 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 35%CPEs: 104EXPL: 0CVE-2017-1099
https://notcve.org/view.php?id=CVE-2017-1099
13 Jun 2017 — IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. Jazz Foundation de IBM, podría exponer información potencialmente confidencial a los usuarios autenticados por medio de condiciones de error de rastreo de pila. ID de IBM X-Force: 120659. • http://www.ibm.com/support/docview.wss?uid=swg22004534 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 102EXPL: 0CVE-2016-9973
https://notcve.org/view.php?id=CVE-2016-9973
13 Jun 2017 — IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209. Jazz Foundation de IBM es vulnerable a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, lo que altera la funcionalidad deseada que... • http://www.ibm.com/support/docview.wss?uid=swg22004534 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 0CVE-2016-9698
https://notcve.org/view.php?id=CVE-2016-9698
08 Jun 2017 — IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960. Rhapsody DM versiones 4.0, 5.0 y 6.0 de IBM, es vulnerable a una denegación de servicio, causada por un error de inyección XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría ex... • http://www.ibm.com/support/docview.wss?uid=swg21999960 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0CVE-2016-9735
https://notcve.org/view.php?id=CVE-2016-9735
15 May 2017 — IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781, IBM Jazz Foundation podría permitir que un usuario autenticado obtenga información confidencial de las trazas de pila. IBM X-Force ID: 119781 • http://www.ibm.com/support/docview.wss?uid=swg22003064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 109EXPL: 0CVE-2016-9707
https://notcve.org/view.php?id=CVE-2016-9707
31 Mar 2017 — IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. IBM Jazz Foundation es vulnerable a una denegación de servicio, causada por un error de XML Entity Injection XXE XML al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer inform... • http://www.securityfocus.com/bid/97171 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2016-8973
https://notcve.org/view.php?id=CVE-2016-8973
20 Mar 2017 — IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. IBM Rhapsody DM 4.0, 5.0 y 6.0 contiene una vulnerabilidad no revelada que podría permitir a un usuario autenticado subir archivos maliciosos infectados al servidor. Referencia de IBM: 1999960. • http://www.ibm.com/support/docview.wss?uid=swg21999960 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2016-9694
https://notcve.org/view.php?id=CVE-2016-9694
20 Mar 2017 — IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960. IBM Rhapsody DM 4.0, 5.0 y 6.0 es vulnerable a secuencias de comandos en sitios cruzados. Esta vulnerabilidad permite a usuarios inctrustrar código JavaScript arbitrario en la Web UI alterando así la funcionalidad previ... • http://www.ibm.com/support/docview.wss?uid=swg21999960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2016-9696
https://notcve.org/view.php?id=CVE-2016-9696
20 Mar 2017 — IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960. IBM Rhapsody DM 4.0, 5.0, y 6.0 es vulnerable a inyección de HTML. Un atacante remoto podría inyectar código HTLM malicioso HTML, que cuando se ve, sería ejecutado en el navegador web de la víctima dentro del contexto de seguridad del sitio de alojamien... • http://www.ibm.com/support/docview.wss?uid=swg21999960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •