CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7485
https://notcve.org/view.php?id=CVE-2015-7485
Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108626. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Rational Engineering Lifecycle Manager 3.0 anterior a 3.0.1.6 iFix7 Interim Fix 1, 4.0 anterior a 4.0.7 iFix10, 5.0 anterior a 5.0.2 iFix15 y 6.0 anterior a 6.0.1 iFix4 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. IBM X-Force ID: 108626. • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 https://exchange.xforce.ibmcloud.com/vulnerabilities/108626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2017-1191
https://notcve.org/view.php?id=CVE-2017-1191
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661. Es posible que una vulnerabilidad no revelada en las aplicaciones CLM (incluido IBM Rational Collaborative Lifecycle Management 4.0, 5.0 y 6.0) no restrinja el acceso URL. IBM X-Force ID: 123661. • http://www.ibm.com/support/docview.wss?uid=swg22011815 https://exchange.xforce.ibmcloud.com/vulnerabilities/123661 •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2017-1365
https://notcve.org/view.php?id=CVE-2017-1365
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858. IBM Team Concert (RTC incluido IBM Rational Collaborative Lifecycle Management 4.0, 5.0 y 6.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades planeadas. • http://www.ibm.com/support/docview.wss?uid=swg22011815 https://exchange.xforce.ibmcloud.com/vulnerabilities/126858 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0CVE-2017-1507
https://notcve.org/view.php?id=CVE-2017-1507
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. IBM Jazz Foundation Products podría revelar información sensible durante un escaneo que podría conducir a más ataques contra el sistema. IBM X-Force ID: 129619. • http://www.ibm.com/support/docview.wss?uid=swg22010627 https://exchange.xforce.ibmcloud.com/vulnerabilities/129619 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0CVE-2017-1240
https://notcve.org/view.php?id=CVE-2017-1240
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. Los productos IBM Rhapsody DM podrían revelar información sensible en respuestas HTTP 500 - Error interno del servidor. IBM X-Force ID: 124359. • http://www.ibm.com/support/docview.wss?uid=swg22010512 http://www.securityfocus.com/bid/101976 https://exchange.xforce.ibmcloud.com/vulnerabilities/124359 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •