CVSS: 5.4EPSS: 0%CPEs: 102EXPL: 0CVE-2016-9973
https://notcve.org/view.php?id=CVE-2016-9973
13 Jun 2017 — IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209. Jazz Foundation de IBM es vulnerable a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, lo que altera la funcionalidad deseada que... • http://www.ibm.com/support/docview.wss?uid=swg22004534 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0CVE-2017-1099
https://notcve.org/view.php?id=CVE-2017-1099
13 Jun 2017 — IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. Jazz Foundation de IBM, podría exponer información potencialmente confidencial a los usuarios autenticados por medio de condiciones de error de rastreo de pila. ID de IBM X-Force: 120659. • http://www.ibm.com/support/docview.wss?uid=swg22004534 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 104EXPL: 0CVE-2016-9735
https://notcve.org/view.php?id=CVE-2016-9735
15 May 2017 — IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781, IBM Jazz Foundation podría permitir que un usuario autenticado obtenga información confidencial de las trazas de pila. IBM X-Force ID: 119781 • http://www.ibm.com/support/docview.wss?uid=swg22003064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 109EXPL: 0CVE-2016-9707
https://notcve.org/view.php?id=CVE-2016-9707
31 Mar 2017 — IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784. IBM Jazz Foundation es vulnerable a una denegación de servicio, causada por un error de XML Entity Injection XXE XML al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer inform... • http://www.securityfocus.com/bid/97171 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2016-2981
https://notcve.org/view.php?id=CVE-2016-2981
20 Mar 2017 — An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965. Una vulnerabilidad no revelada en las aplicaciones CLM en IBM Jazz Team Server podría permitir acceso no autorizado a credenciales de usuario. Referencia de IBM: 1999965. • http://www.ibm.com/support/docview.wss?uid=swg21999965 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2016-2866
https://notcve.org/view.php?id=CVE-2016-2866
08 Feb 2017 — An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user. Una vulnerabilidad no especificada en IBM Jazz Team Server puede revelar alguna información de despliegue a un usuario autenticado. • http://www.ibm.com/support/docview.wss?uid=swg21997104 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2016-6032
https://notcve.org/view.php?id=CVE-2016-6032
08 Feb 2017 — IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Rational Team Concert 4.0, 5.0 y 6.0 es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz Web alterando así la funcionalidad intencionada conduciendo potencialmente a la d... • http://www.ibm.com/support/docview.wss?uid=swg21997104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2016-6030
https://notcve.org/view.php?id=CVE-2016-6030
01 Feb 2017 — IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Jazz Foundation es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación d... • http://www.securityfocus.com/bid/95110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2016-6061
https://notcve.org/view.php?id=CVE-2016-6061
01 Feb 2017 — IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Jazz Foundation es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación d... • http://www.securityfocus.com/bid/95117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2016-6028
https://notcve.org/view.php?id=CVE-2016-6028
01 Feb 2017 — IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. Los productos basados en tecnología IBM Jazz podrían permitir a un atacante ver los títulos de artículos de trabajo que ellos no tienen privilegios para ver. • http://www.securityfocus.com/bid/95111 • CWE-264: Permissions, Privileges, and Access Controls •