CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2020-4445
https://notcve.org/view.php?id=CVE-2020-4445
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122. Las aplicaciones basadas en IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181122 https://www.ibm.com/support/pages/node/6325343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4748
https://notcve.org/view.php?id=CVE-2019-4748
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174. IBM Jazz Team Server basadas en Applications es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista que puede conllevar a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/173174 https://www.ibm.com/support/pages/node/6249133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4603
https://notcve.org/view.php?id=CVE-2019-4603
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295. IBM Quality Manager (RQM) versiones 6.02, 6.06 y 6.0.6.1, podría permitir a un usuario autenticado crear palabras clave por medio de la API REST y hacer que aparezcan como si fueran creadas por otro usuario. ID de IBM X-Force: 168295. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168295 https://www.ibm.com/support/pages/node/6172629 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4602
https://notcve.org/view.php?id=CVE-2019-4602
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168293. IBM Quality Manager (RQM) versiones 6.02, 6.06 y 6.0.6.1, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168293 https://www.ibm.com/support/pages/node/6172629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4601
https://notcve.org/view.php?id=CVE-2019-4601
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system. IBM Quality Manager (RQM) versiones 6.02, 6.06 y 6.0.6.1, podría permitir a un usuario autenticado obtener información confidencial de un rastro de pila que podría ayudar en nuevos ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168294 https://www.ibm.com/support/pages/node/6172629 • CWE-209: Generation of Error Message Containing Sensitive Information •