CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0CVE-2017-1240
https://notcve.org/view.php?id=CVE-2017-1240
27 Nov 2017 — IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. Los productos IBM Rhapsody DM podrían revelar información sensible en respuestas HTTP 500 - Error interno del servidor. IBM X-Force ID: 124359. • http://www.ibm.com/support/docview.wss?uid=swg22010512 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 118EXPL: 0CVE-2016-9700
https://notcve.org/view.php?id=CVE-2016-9700
05 Jul 2017 — IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. IBM Jazz Foundation podría permitir a un atacante autenticado obtener información confidencial de los rastreos de la pila de los mensajes de error. IBM X-Force ID: 119528. • http://www.ibm.com/support/docview.wss?uid=swg22005435 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 102EXPL: 0CVE-2016-9973
https://notcve.org/view.php?id=CVE-2016-9973
13 Jun 2017 — IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209. Jazz Foundation de IBM es vulnerable a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, lo que altera la funcionalidad deseada que... • http://www.ibm.com/support/docview.wss?uid=swg22004534 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0CVE-2017-1099
https://notcve.org/view.php?id=CVE-2017-1099
13 Jun 2017 — IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. Jazz Foundation de IBM, podría exponer información potencialmente confidencial a los usuarios autenticados por medio de condiciones de error de rastreo de pila. ID de IBM X-Force: 120659. • http://www.ibm.com/support/docview.wss?uid=swg22004534 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 0CVE-2016-9698
https://notcve.org/view.php?id=CVE-2016-9698
08 Jun 2017 — IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960. Rhapsody DM versiones 4.0, 5.0 y 6.0 de IBM, es vulnerable a una denegación de servicio, causada por un error de inyección XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría ex... • http://www.ibm.com/support/docview.wss?uid=swg21999960 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0CVE-2016-9735
https://notcve.org/view.php?id=CVE-2016-9735
15 May 2017 — IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781, IBM Jazz Foundation podría permitir que un usuario autenticado obtenga información confidencial de las trazas de pila. IBM X-Force ID: 119781 • http://www.ibm.com/support/docview.wss?uid=swg22003064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 109EXPL: 0CVE-2016-9707
https://notcve.org/view.php?id=CVE-2016-9707
31 Mar 2017 — IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. IBM Jazz Foundation es vulnerable a una denegación de servicio, causada por un error de XML Entity Injection XXE XML al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer inform... • http://www.securityfocus.com/bid/97171 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2016-9694
https://notcve.org/view.php?id=CVE-2016-9694
20 Mar 2017 — IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960. IBM Rhapsody DM 4.0, 5.0 y 6.0 es vulnerable a secuencias de comandos en sitios cruzados. Esta vulnerabilidad permite a usuarios inctrustrar código JavaScript arbitrario en la Web UI alterando así la funcionalidad previ... • http://www.ibm.com/support/docview.wss?uid=swg21999960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2016-9696
https://notcve.org/view.php?id=CVE-2016-9696
20 Mar 2017 — IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960. IBM Rhapsody DM 4.0, 5.0, y 6.0 es vulnerable a inyección de HTML. Un atacante remoto podría inyectar código HTLM malicioso HTML, que cuando se ve, sería ejecutado en el navegador web de la víctima dentro del contexto de seguridad del sitio de alojamien... • http://www.ibm.com/support/docview.wss?uid=swg21999960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.1EPSS: 0%CPEs: 14EXPL: 0CVE-2016-9697
https://notcve.org/view.php?id=CVE-2016-9697
20 Mar 2017 — An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960. Una vulnerabilidad no especificada en IBM Rhapsody DM 4.0, 5.0, y 6.0 podría permitir a un atacante realizar un ataque de secuestro JSON. Un ataque de secuestro JSON puede exponer a una información de un atacante pasada entre el servidor y el navegador. • http://www.ibm.com/support/docview.wss?uid=swg21999960 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •