CVE-2019-4748
https://notcve.org/view.php?id=CVE-2019-4748
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174. IBM Jazz Team Server basadas en Applications es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista que puede conllevar a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/173174 https://www.ibm.com/support/pages/node/6249133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-4603
https://notcve.org/view.php?id=CVE-2019-4603
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295. IBM Quality Manager (RQM) versiones 6.02, 6.06 y 6.0.6.1, podría permitir a un usuario autenticado crear palabras clave por medio de la API REST y hacer que aparezcan como si fueran creadas por otro usuario. ID de IBM X-Force: 168295. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168295 https://www.ibm.com/support/pages/node/6172629 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-4602
https://notcve.org/view.php?id=CVE-2019-4602
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168293. IBM Quality Manager (RQM) versiones 6.02, 6.06 y 6.0.6.1, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168293 https://www.ibm.com/support/pages/node/6172629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-4601
https://notcve.org/view.php?id=CVE-2019-4601
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system. IBM Quality Manager (RQM) versiones 6.02, 6.06 y 6.0.6.1, podría permitir a un usuario autenticado obtener información confidencial de un rastro de pila que podría ayudar en nuevos ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168294 https://www.ibm.com/support/pages/node/6172629 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2019-4252
https://notcve.org/view.php?id=CVE-2019-4252
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883. IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 podría permitir a un atacante remoto atravesar directorios en el sistema. Un atacante podría enviar una solicitud de URL especialmente diseñada que contenga secuencias de "dot dot" (/../) para ver archivos arbitrarios en el sistema. • http://www.ibm.com/support/docview.wss?uid=ibm10956525 https://exchange.xforce.ibmcloud.com/vulnerabilities/159883 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •