CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-4252
https://notcve.org/view.php?id=CVE-2019-4252
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883. IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 podría permitir a un atacante remoto atravesar directorios en el sistema. Un atacante podría enviar una solicitud de URL especialmente diseñada que contenga secuencias de "dot dot" (/../) para ver archivos arbitrarios en el sistema. • http://www.ibm.com/support/docview.wss?uid=ibm10956525 https://exchange.xforce.ibmcloud.com/vulnerabilities/159883 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2019-4250
https://notcve.org/view.php?id=CVE-2019-4250
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648. Los productos de IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1) son vulnerables a los scripts entre sitios. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podría llevar a la revelación de credenciales dentro de una sesión segura. • http://www.ibm.com/support/docview.wss?uid=ibm10956525 https://exchange.xforce.ibmcloud.com/vulnerabilities/159648 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2019-4249
https://notcve.org/view.php?id=CVE-2019-4249
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647. IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 es vulnerable a los scripts entre sitios. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podría llevar a la revelación de credenciales dentro de una sesión segura. • http://www.ibm.com/support/docview.wss?uid=ibm10956525 https://exchange.xforce.ibmcloud.com/vulnerabilities/159647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-4084
https://notcve.org/view.php?id=CVE-2019-4084
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384. Los productos de IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1) podrían permitirle a un usuario identificado obtener información confidencial de las aplicaciones CLM que podrían usarse en futuros ataques contra el sistema. ID de IBM X-Force: 157384. • http://www.ibm.com/support/docview.wss?uid=ibm10956525 https://exchange.xforce.ibmcloud.com/vulnerabilities/157384 •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2019-4083
https://notcve.org/view.php?id=CVE-2019-4083
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383. Los productos de IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1) son vulnerables a los cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podría llevar a la revelación de credenciales dentro de una sesión segura. • http://www.ibm.com/support/docview.wss?uid=ibm10956525 https://exchange.xforce.ibmcloud.com/vulnerabilities/157383 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •