Page 8 of 46 results (0.009 seconds)

CVSS: 4.0EPSS: 0%CPEs: 160EXPL: 0

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Jazz Team Server en Jazz Foundation en Rational Collaborative Lifecycle Management (CLM) de IBM versión 3.0.1, versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Quality Manager (RQM) versiones 2.0 hasta 2.0.1, versiones 3.0 hasta 3.0.1.6, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; Rational Team Concert (RTC) versiones 2.0 hasta 2.0.0.2, versiones 3.x y anteriores a 3.0.1.6 IF6, versiones 4.x y anteriores a 4.0.7 IF5, y versiones 5.x y anteriores a 5.0.2 IF4; Rational Requirements Composer (RRC) versiones 2.0 hasta 2.0.0.4, versiones 3.x y anteriores a 3.0.1.6 IF6, y versiones 4.0 hasta 4.0.7; Rational DOORS Next Generation (RDNG) versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) versiones 1.0 hasta 1.0.0.1, versiones 4.0.3 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; Rational Rhapsody Design Manager (DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; y Rational Software Architect Design Manager (RSA DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2, permite a los usuarios autenticados remotos leer archivos arbitrarios por medio de una declaración de tipo XML external entity en conjunto con una referencia de entidad, relacionada con un problema de tipo XML External Entity (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21957763 •

CVSS: 3.7EPSS: 0%CPEs: 30EXPL: 0

IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation. IBM Rational Requirements Composer 3.0 hasta 3.0.1.6 y 4.0 hasta 4.0.7 y Rational DOORS Next Generation (RDNG) 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, cuando el 'Single Sign On' de LTPA está utilizado con WebSphere Application Server, no terminan una sesión de Requirements Management (RM) cuando caduca el token LTPA, lo que permite a atacantes remotos obtener el acceso mediante el aprovechamiento de una estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg21903761 http://www.securityfocus.com/bid/74910 •

CVSS: 5.0EPSS: 0%CPEs: 86EXPL: 0

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request. El sistema de ayuda de Jazz en IBM Rational Collaborative Lifecycle Management 4.0 hasta 5.0.2, Rational Quality Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Team Concert 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Requirements Composer 4.0 hasta 4.0.7, Rational DOORS Next Generation 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Rhapsody Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, y Rational Software Architect Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2 permite a atacantes remotos leer código JSP de fuente a través de una solicitud manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21882770 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0

The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. El analizador sintáctico de XML en IBM Rational DOORS Next Generation 4.x anterior a 4.0.7 iFix3 y 5.x anterior a 5.0.2 y Rational Requirements Composer 2.x y 3.x anterior a 3.0.1.6 iFix5 y 4.x anterior a 4.0.7 iFix3 no detecta correctamente la recursión durante la expansión de entidades, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un documento XML que contiene un número grande de referencias de entidad anidadas, un problema similar a CVE-2003-1564. • http://www-01.ibm.com/support/docview.wss?uid=swg21698248 • CWE-399: Resource Management Errors •

CVSS: 4.0EPSS: 0%CPEs: 91EXPL: 0

IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors. IBM Rational Jazz Team Server (JTS), utilixado en Rational Collaborative Lifecycle Management 3.x y 4.x y 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Quality Manager 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational Team Concert 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational DOORS Next Generation 4.x anterior a 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Requirements Composer 2.x y 3.x anterior a 3.0.1.6 iFix5; y otros productos, permite a usuarios remotos autenticados leer los paneles de control de usuarios arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21698247 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •