Cross site scripting

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

Design/Logic Flaw

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 159883...

Cross site scripting

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

Cross site scripting

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

Cross site scripting

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2019-4250

CVE-2019-4250 is an XSS vulnerability in IBM Jazz Foundation products (IBM Rational CLM 6.0–6.0.6.1) affecting the Web UI and potentially enabling credentials disclosure within a trusted session. Root cause: cross-site scripting due to improper input handling in the Web UI. Affected products span...

CVE-2019-4249

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2018-1892

CVE-2018-1892 affects IBM Rational Collaborative Lifecycle Management and related CLM components (6.0 to 6.0.6.1). The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a tru...

CVE-2018-1758

CVE-2018-1758 affects IBM Rational CLM 6.0–6.0.6.1 across CLM components (CLM, RQM, RTC, DOORS Next Gen, Rhapsody/RA DM, and related). The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to inject JavaScript, potentially leading to credential disclosure wit...

CVE-2018-1827

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2018-1893

CVE-2018-1893 affects IBM Rational CLM family (CLM 6.0–6.0.6.1), including Rational Quality Manager, DOORS Next, Team Concert, Rhapsody products, and related components. The issue is a cross-site scripting vulnerability in the Web UI that could let an attacker inject arbitrary JavaScript, potenti...

CVE-2018-1760

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2018-1827

The CVE-2018-1827 entry affects IBM Rational CLM 6.0–6.0.6.1 (including CLM components: CLM, DOORS Next, QRM, RTC, Rhapsody DM, RSA DM, RMM). Root cause: cross-site scripting in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted s...

CVE-2018-1826

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2018-1760

Affected software: IBM Rational CLM suite (including CLM, RQM, RTC, DOORS Next Gen, RSM, RSA DM) running 6.0 – 6.0.6.1. Vulnerability: Cross-site scripting in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Root cause ...

CVE-2018-1893

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2019-4252

CVE-2019-4252 affects IBM Rational Collaborative Lifecycle Management and related Jazz-based products (CLM 6.0–6.0.6.1; including RTC/RQM/RRC and associated components). Root cause: directory traversal via crafted URL requests containing "/../" sequences, enabling a remote attacker to view arbitr...

CVE-2019-4249

CVE-2019-4249 affects IBM Rational CLM stack (6.0–6.0.6.1). A cross-site scripting flaw allows embedding arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. Affected components include Rational CLM, DOORS Next Gen, Quality Manager, Team Concert, Rhapsody...

CVE-2018-1826

The CVE-2018-1826 issue affects IBM Rational CLM versions 6.0–6.0.6.1 (including RQM/RTC/Rational DOORS Next Gen etc.). It is a Cross-Site Scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript to alter functionality and potentially disclose credentials within a tr...

CVE-2019-4084

IBM Jazz Foundation (CLM) vulnerability CVE-2019-4084 affects Rational CLM products version 6.0 to 6.0.6.1. An authenticated user could obtain sensitive information from CLM Applications, as described in multiple sources (NVD/NVD-derived entries, CNVD, and IBM bulletin). The issue is categorized ...