CVE-2015-7471
https://notcve.org/view.php?id=CVE-2015-7471
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429. Vulnerabilidad Cross-Site Scripting (XSS) en IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x anteriores a 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6 y 4.0.7 anteriores a iFix10, 5.0.x anteriores a 5.0.2 iFix1 y 6.0.x anteriores a 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4 permiten que los usuarios autenticados remotos con privilegios de administrador del proyecto inyecten scripts web o HTML arbitrarios mediante un proyecto manipulado. IBM X-Force ID: 108429. • http://www-01.ibm.com/support/docview.wss?uid=swg21982747 https://exchange.xforce.ibmcloud.com/vulnerabilities/108429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-7440
https://notcve.org/view.php?id=CVE-2015-7440
IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098. IBM Rational Collaborative Lifecycle Management (CLM) en versiones 3.0.1 anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x anteriores a 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6 y 4.0.7 anteriores a iFix10, 5.0.x anteriores a 5.0.2 iFix1 y 6.0.x anteriores a 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4 podrían permitir que los usuarios locales obtengan privilegios mediante vectores sin especificar. IBM X-Force ID: 108098. • http://www-01.ibm.com/support/docview.wss?uid=swg21982747 https://exchange.xforce.ibmcloud.com/vulnerabilities/108098 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-0219
https://notcve.org/view.php?id=CVE-2016-0219
XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693. Vulnerabilidad de XEE (XML External Entity) en IBM Rational Team Concert 3.0 en versiones anteriores a la 3.0.1.6 iFix7 Interim Fix 1, 4.0 en versiones anteriores a la 4.0.7 iFix10, 5.0 en versiones anteriores a la 5.0.2 iFix15 y 6.0 en versiones anteriores a la 6.0.1 iFix4 permite que usuarios autenticados remotos provoquen una denegación de servicio (DoS) mediante datos XML manipulados. IBM X-Force ID: 109693. • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 https://exchange.xforce.ibmcloud.com/vulnerabilities/109693 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2017-1191
https://notcve.org/view.php?id=CVE-2017-1191
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661. Es posible que una vulnerabilidad no revelada en las aplicaciones CLM (incluido IBM Rational Collaborative Lifecycle Management 4.0, 5.0 y 6.0) no restrinja el acceso URL. IBM X-Force ID: 123661. • http://www.ibm.com/support/docview.wss?uid=swg22011815 https://exchange.xforce.ibmcloud.com/vulnerabilities/123661 •
CVE-2017-1365
https://notcve.org/view.php?id=CVE-2017-1365
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858. IBM Team Concert (RTC incluido IBM Rational Collaborative Lifecycle Management 4.0, 5.0 y 6.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades planeadas. • http://www.ibm.com/support/docview.wss?uid=swg22011815 https://exchange.xforce.ibmcloud.com/vulnerabilities/126858 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •