CVSS: 6.5EPSS: 0%CPEs: 91EXPL: 0CVE-2014-6129
https://notcve.org/view.php?id=CVE-2014-6129
18 Mar 2015 — IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iF... • http://www-01.ibm.com/support/docview.wss?uid=swg21698247 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 91EXPL: 0CVE-2014-6131
https://notcve.org/view.php?id=CVE-2014-6131
18 Mar 2015 — IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iF... • http://www-01.ibm.com/support/docview.wss?uid=swg21698247 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2015-0125
https://notcve.org/view.php?id=CVE-2015-0125
18 Mar 2015 — Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Rational DOORS Next Generation 4.x anterior a 4.0.7 iFix3 y 5.x anterior a 5.0.2 y Rational Requirements Composer 4.x anterior a 4.0.7 iFix3 permite a usuarios remotos autenticados inyectar secuencias de comand... • http://www-01.ibm.com/support/docview.wss?uid=swg21697297 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2015-0132
https://notcve.org/view.php?id=CVE-2015-0132
18 Mar 2015 — The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. El analizador sintáctico de XML en IBM Rational DOORS Next Gener... • http://www-01.ibm.com/support/docview.wss?uid=swg21698248 • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 105EXPL: 0CVE-2014-3092
https://notcve.org/view.php?id=CVE-2014-3092
12 Sep 2014 — IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. IBM Jazz Team Server, utilizado en Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x anterior... • http://www-01.ibm.com/support/docview.wss?uid=swg21682787 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •