CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0CVE-2017-1602
https://notcve.org/view.php?id=CVE-2017-1602
23 Mar 2018 — IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625. IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) podría permitir a un usuario autenticado acceder a ajustes para los que no debería estar autorizado mediante una URL especialmente manipulada. IBM X-Force ID: 132625. • http://www.ibm.com/support/docview.wss?uid=swg22014815 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2017-1629
https://notcve.org/view.php?id=CVE-2017-1629
23 Mar 2018 — IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127. IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embe... • http://www.ibm.com/support/docview.wss?uid=swg22014815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2017-1762
https://notcve.org/view.php?id=CVE-2017-1762
23 Mar 2018 — IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006. IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embe... • http://www.ibm.com/support/docview.wss?uid=swg22014815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2017-1655
https://notcve.org/view.php?id=CVE-2017-1655
23 Mar 2018 — IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379. IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embe... • http://www.ibm.com/support/docview.wss?uid=swg22014815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0CVE-2017-1524
https://notcve.org/view.php?id=CVE-2017-1524
23 Mar 2018 — IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970. IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) podría permitir que un usuario autenticado obtenga información sensible de una petición HTTP especialmente manipulada que podría emplear como ayuda para futuros ataques. IBM X-Forc... • http://www.ibm.com/support/docview.wss?uid=swg22014815 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 44EXPL: 0CVE-2015-7449
https://notcve.org/view.php?id=CVE-2015-7449
20 Mar 2018 — IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Gen... • http://www-01.ibm.com/support/docview.wss?uid=swg21985143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 41EXPL: 0CVE-2015-7453
https://notcve.org/view.php?id=CVE-2015-7453
15 Mar 2018 — Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0... • http://www-01.ibm.com/support/docview.wss?uid=swg21982747 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 0CVE-2015-7440
https://notcve.org/view.php?id=CVE-2015-7440
15 Mar 2018 — IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements... • http://www-01.ibm.com/support/docview.wss?uid=swg21982747 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.8EPSS: 0%CPEs: 41EXPL: 0CVE-2015-7471
https://notcve.org/view.php?id=CVE-2015-7471
15 Mar 2018 — Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0... • http://www-01.ibm.com/support/docview.wss?uid=swg21982747 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 130EXPL: 0CVE-2016-0219
https://notcve.org/view.php?id=CVE-2016-0219
16 Jan 2018 — XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693. Vulnerabilidad de XEE (XML External Entity) en IBM Rational Team Concert 3.0 en versiones anteriores a la 3.0.1.6 iFix7 Interim Fix 1, 4.0 en versiones anteriores a la 4.0.7 iFix10, 5.0 en versiones anteriores a la 5.... • http://www-01.ibm.com/support/docview.wss?uid=swg21983720 • CWE-611: Improper Restriction of XML External Entity Reference •