170 matches found
CVE-2017-1245
IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
CVE-2016-8975
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912...
CVE-2017-1245
IBM Rational Software Architect Design Manager 5.0–6.0 is vulnerable to cross-site scripting in the Web UI due to improper input sanitization. Affected products range 4.0.0–6.0.2; the CVE entry corresponds to CVE-2017-1245 with CVSSv3 base 5.4. Remediation/releases include upgrading to fixed iFix...
CVE-2016-9698
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference...
IBM Rational Rhapsody Design Manager XML External Entity Injection Vulnerability
IBM Rational Rhapsody Design Manager is a set of collaborative design management software from IBM in the United States. IBM Rational Rhapsody Design Manager suffers from an XML external entity injection vulnerability. A remote attacker could exploit this vulnerability to submit special XML data,...
IBM Rational Rhapsody Design Manager Arbitrary File Upload Vulnerability
IBM Rational Rhapsody Design Manager is a suite of collaborative design management software from IBM. The software supports the use of centralized system repositories with Web-based access to store, share, search, and manage design models as well as automated software design reviews. An arbitrary...
IBM Rational Rhapsody Design Manager Information Disclosure Vulnerability
IBM Rational Rhapsody Design Manager is a suite of collaborative design management software from IBM. The software supports the use of centralized system repositories with Web-based access to store, share, search, and manage design models as well as automated software design reviews. A security...
IBM Rational Rhapsody Design Manager HTML Injection Vulnerability
IBM Rational Rhapsody Design Manager is a set of collaborative design management software from IBM in the United States. IBM Rational Rhapsody Design Manager suffers from an HTML injection vulnerability. The vulnerability allows remote attackers to inject malicious script or HTML code, which can ...
IBM Rational Rhapsody Design Manager Cross-Site Scripting Vulnerability
IBM Rational Rhapsody Design Manager is a suite of collaborative design management software from IBM. The software supports the use of centralized system repositories with Web-based access to store, share, search, and manage design models as well as automated software design reviews. A cross-site...
Cross site scripting
Cross-site scripting XSS vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1description parameter aka "Design Manager Categories Category Description"...
CVE-2017-6555
Cross-site scripting XSS vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1description parameter aka "Design Manager Categories Category Description"...
IBM Rational Rhapsody Design Manager XML External Entity Injection Vulnerability
IBM Rational Rhapsody Design Manager is a Jazz-based platform from IBM that helps systems engineers apply Model-Based Systems Engineering MBSE through SysML to help embedded software developers dismantle engineering silos and collaborate with key stakeholders, such as managers, quality managers,...
CVE-2016-3014
Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17,...
CVE-2016-3014
Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17,...
CVE-2016-3014
The CVE-2016-3014 entry concerns a Cross-Site Scripting (XSS) vulnerability in IBM Jazz Foundation-based products, including CLM, RDNG, RELM, RTC, RQM, RSA DM, and Rhapsody DM. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Affected...
CVE-2016-2926
Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0...
CVE-2016-2947
IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2...
CVE-2016-2986
IBM CVE-2016-2986 affects IBM Jazz-based products in CLM/RQM/RTC/RDNG/RELM/Rhapsody DM (versions 6.0.x prior to fixed 6.0.1 iFix6). The vulnerability is an XSS that lets remote authenticated users inject arbitrary JavaScript/HTML via unspecified vectors, potentially impacting credentials in a tru...
CVE-2016-2947
CVE-2016-2947 describes an information disclosure vulnerability in IBM Jazz Foundation products (CLM, RQM, RTC, RDNG, RELM, Rhapsody DM, RSA DM) and related RFPs. The issue affects multiple versions across CLM 4.0–6.0.2, RQM 4.0–4.0.7/5.0–5.0.2/6.0–6.0.2, RTC 4.0–4.0.7/5.0–5.0.2/6.0–6.0.2, RDNG 4...
CVE-2016-2864
Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0...