Page 7 of 44 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 92EXPL: 0

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. Una vulnerabilidad no revelada en las aplicaciones CLM puede provocar que algunos parámetros de implementación administrativa se muestren a un atacante. • http://www.securityfocus.com/bid/95109 https://www.ibm.com/support/docview.wss?uid=swg21996097 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 77EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17 y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21992151 http://www.securityfocus.com/bid/93515 http://www.securitytracker.com/id/1037025 http://www.securitytracker.com/id/1037026 http://www.securitytracker.com/id/1037027 http://www.securitytracker.com/id/1037028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 101EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21993444 http://www.securityfocus.com/bid/94146 http://www.securitytracker.com/id/1037276 http://www.securitytracker.com/id/1037277 http://www.securitytracker.com/id/1037278 http://www.securitytracker.com/id/1037279 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 101EXPL: 0

IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors. IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5 permiten a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21991477 http://www.securityfocus.com/bid/94518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 101EXPL: 0

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. El intérprete XML en IBM Rational Collaborative Lifecycle Management 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Team Concert 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5 permite a usuarios remotos autenticados leer archivos arbitrarios o provocar una denegación de servicio a través de un documento XML que contenga una declaración de entidad externa en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21991478 http://www.securityfocus.com/bid/94555 • CWE-611: Improper Restriction of XML External Entity Reference •