CVE-2021-38868
https://notcve.org/view.php?id=CVE-2021-38868
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310. IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) es vulnerable a un ataque de tipo Cross-Site Request Forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que confía el sitio web. IBM X-Force Id: 208310 • https://exchange.xforce.ibmcloud.com/vulnerabilities/208310 https://www.ibm.com/support/pages/node/6604005 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-29799
https://notcve.org/view.php?id=CVE-2021-29799
IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738. IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) podría permitir a un usuario autenticado obtener información confidencial debido a una comprobación inapropiada del lado del cliente. IBM X-Force ID: 203738 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203738 https://www.ibm.com/support/pages/node/6604005 •
CVE-2021-29790
https://notcve.org/view.php?id=CVE-2021-29790
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440. IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales en una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/203440 https://www.ibm.com/support/pages/node/6604005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-29788
https://notcve.org/view.php?id=CVE-2021-29788
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310. IBM Engineering Requirements Quality Assistant On-Premises (Todas las versiones) es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales en una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/203310 https://www.ibm.com/support/pages/node/6604005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-29899
https://notcve.org/view.php?id=CVE-2021-29899
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. IBM Engineering Requirements Quality Assistant versiones anteriores a 3.1.3, podría permitir a un usuario autenticado causar una denegación de servicio. IBM X-Force ID: 207413 • https://exchange.xforce.ibmcloud.com/vulnerabilities/207413 https://www.ibm.com/support/pages/node/6564317 •