CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7474
https://notcve.org/view.php?id=CVE-2015-7474
16 Jan 2018 — Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108501. Vulnerabilidad de Cross-Site Scripting (XSS) en Jazz Foundation en IBM Rational Engineering Lifecycle Manager 3.0 anterior a 3.0.1.6 iFix7 Interim Fix 1, 4.0 anterior a 4.0.7 iF... • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7484
https://notcve.org/view.php?id=CVE-2015-7484
16 Jan 2018 — IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619. IBM Rational Engineering Lifecycle Manager 3.0 anteriores a 3.0.1.6 iFix7 Interim Fix 1 y 4.0 anteriores a 4.0.7 iFix10 permite que usuarios autenticados remotos con acceso a proyectos lifecycle obtengan información sensibl... • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7485
https://notcve.org/view.php?id=CVE-2015-7485
16 Jan 2018 — Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108626. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Rational Engineering Lifecycle Manager 3.0 anterior a 3.0.1.6 iFix7 Interim Fix 1, 4.0 anterior a 4.0.7 iFix10, 5.0 anterior a 5.0.2 iFix15 y 6.... • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7486
https://notcve.org/view.php?id=CVE-2015-7486
16 Jan 2018 — Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108633. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Rational Engineering Lifecycle Manager 3.0 anterior a 3.0.1.6 iFix7 Interim Fix 1, 4.0 anterior a 4.0.7 iFix10, 5.0 anterior a 5.0.2 iFix15 y 6.... • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 131EXPL: 0CVE-2015-4946
https://notcve.org/view.php?id=CVE-2015-4946
03 Jan 2016 — Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7... • http://www-01.ibm.com/support/docview.wss?uid=swg21973404 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 131EXPL: 0CVE-2015-4962
https://notcve.org/view.php?id=CVE-2015-4962
03 Jan 2016 — Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next ... • http://www-01.ibm.com/support/docview.wss?uid=swg21973404 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 131EXPL: 0CVE-2015-1971
https://notcve.org/view.php?id=CVE-2015-1971
03 Jan 2016 — Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0 through 4.0.7; Rational DOORS Next Ge... • http://www-01.ibm.com/support/docview.wss?uid=swg21971164 •
CVSS: 6.8EPSS: 0%CPEs: 131EXPL: 0CVE-2015-1928
https://notcve.org/view.php?id=CVE-2015-1928
02 Jan 2016 — Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Ratio... • http://www-01.ibm.com/support/docview.wss?uid=swg21973200 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 160EXPL: 0CVE-2015-0112
https://notcve.org/view.php?id=CVE-2015-0112
07 Jun 2015 — Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Gener... • http://www-01.ibm.com/support/docview.wss?uid=swg21957763 •
CVSS: 5.3EPSS: 0%CPEs: 105EXPL: 0CVE-2014-3092
https://notcve.org/view.php?id=CVE-2014-3092
12 Sep 2014 — IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. IBM Jazz Team Server, utilizado en Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x anterior... • http://www-01.ibm.com/support/docview.wss?uid=swg21682787 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •