Lucene search
K

137 matches found

Prion
Prion
added 2018/03/15 10:29 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management CLM 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager RQM 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x...

4.3CVSS5.6AI score0.0087EPSS
Exploits0References2Affected Software8
Prion
Prion
added 2018/01/16 7:29 p.m.18 views

Design/Logic Flaw

IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619...

4CVSS5.7AI score0.00945EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/01/16 7:29 p.m.19 views

CVE-2015-7474

Cross-site scripting XSS vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecifi...

5.4CVSS5AI score0.00644EPSS
Exploits0References2
NVD
NVD
added 2018/01/16 7:29 p.m.15 views

CVE-2015-7484

IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619...

4.3CVSS4AI score0.00945EPSS
Exploits0References2
Prion
Prion
added 2018/01/16 7:29 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM...

3.5CVSS5.5AI score0.00674EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/01/16 7:0 p.m.45 views

CVE-2015-7474

CVE-2015-7474 is a stored cross-site scripting vulnerability in the IBM Jazz Foundation / Rational Engineering Lifecycle Manager (RELM) affecting multiple CLM components. A remote attacker can inject arbitrary web script or HTML via unspecified vectors, potentially stealing cookies or session dat...

5.4CVSS5.2AI score0.00644EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/01/16 7:0 p.m.57 views

CVE-2015-7485

IBM CVE-2015-7485 is an XSS vulnerability in IBM Rational Engineering Lifecycle Manager across multiple releases (3.0.1.6 iFix7 Interim Fix 1; 4.0.7 iFix10; 5.0.2 iFix15; 6.0.1 iFix4) caused by improper validation of user-supplied input. A remote attacker can craft a URL to execute script in the ...

5.4CVSS5.2AI score0.00674EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/01/16 7:0 p.m.21 views

CVE-2015-7474

Cross-site scripting XSS vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecifi...

5AI score0.00644EPSS
Exploits0References2
CNVD
CNVD
added 2017/10/09 12:0 a.m.3 views

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33350)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

5.4CVSS5.5AI score0.00729EPSS
Exploits0References1
Prion
Prion
added 2017/08/10 3:29 p.m.19 views

Cross site scripting

IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

3.5CVSS5.1AI score0.00729EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/08/10 3:29 p.m.17 views

CVE-2017-1168

IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4CVSS5.2AI score0.00729EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/08/10 3:0 p.m.20 views

CVE-2017-1168

IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.2AI score0.00729EPSS
Exploits0References3
CVE
CVE
added 2017/08/10 3:0 p.m.52 views

CVE-2017-1168

CVE-2017-1168 affects IBM Rational Engineering Lifecycle Manager (RELM) 4.0.3–4.0.7, 5.0–5.0.2, and 6.0–6.0.3. A cross-site scripting vulnerability in the Web UI allows embedding arbitrary JavaScript, potentially leading to credentials disclosure in a trusted session. The IBM advisory provides fi...

5.4CVSS5.1AI score0.00729EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/12/29 12:0 a.m.5 views

Cross-site scripting vulnerability in multiple IBM Rational products (CNVD-2016-13286)

IBM Rational Collaborative Lifecycle Management CLM, etc. are products of IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert RTC and Rational Engineering Lifecycle Manager RELM are collaborative lifecycle management solutions; Rational DOORS Next Generation RDNG is a requirements...

5.4CVSS6.4AI score0.00538EPSS
Exploits0References1
CNVD
CNVD
added 2016/12/29 12:0 a.m.6 views

Multiple IBM Rational Products Information Disclosure Vulnerabilities

IBM Rational Collaborative Lifecycle Management CLM, etc. are products of IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert RTC and Rational Engineering Lifecycle Manager RELM are collaborative lifecycle management solutions; Rational DOORS Next Generation RDNG is a requirements...

4.3CVSS6.7AI score0.00773EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2016/11/30 11:59 a.m.2 views

CVE-2016-3014

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17,...

5.4CVSS5.7AI score0.01324EPSS
Exploits0References7
CVE
CVE
added 2016/11/30 11:0 a.m.58 views

CVE-2016-3014

The CVE-2016-3014 entry concerns a Cross-Site Scripting (XSS) vulnerability in IBM Jazz Foundation-based products, including CLM, RDNG, RELM, RTC, RQM, RSA DM, and Rhapsody DM. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Affected...

5.4CVSS4.9AI score0.01324EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2016/11/25 3:59 a.m.3 views

CVE-2016-2947

IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2...

4CVSS5.5AI score0.00826EPSS
Exploits0References3
CVE
CVE
added 2016/11/25 3:38 a.m.60 views

CVE-2016-2986

IBM CVE-2016-2986 affects IBM Jazz-based products in CLM/RQM/RTC/RDNG/RELM/Rhapsody DM (versions 6.0.x prior to fixed 6.0.1 iFix6). The vulnerability is an XSS that lets remote authenticated users inject arbitrary JavaScript/HTML via unspecified vectors, potentially impacting credentials in a tru...

5.4CVSS4.9AI score0.00615EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/11/25 3:38 a.m.54 views

CVE-2016-2947

CVE-2016-2947 describes an information disclosure vulnerability in IBM Jazz Foundation products (CLM, RQM, RTC, RDNG, RELM, Rhapsody DM, RSA DM) and related RFPs. The issue affects multiple versions across CLM 4.0–6.0.2, RQM 4.0–4.0.7/5.0–5.0.2/6.0–6.0.2, RTC 4.0–4.0.7/5.0–5.0.2/6.0–6.0.2, RDNG 4...

4CVSS3.2AI score0.00826EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder