898 matches found
PT-2019-9513 · IBM · IBM Rational Collaborative Lifecycle Management
Name of the Vulnerable Software and Affected Versions: IBM Rational Collaborative Lifecycle Management versions 6.0 through 6.0.6.1 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
Security Bulletin: Security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2019-0221)
Summary: Jazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about a security vulnerability affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2019-0221 DESCRIPTION: Apache Tomcat is...
Unauthorized Access Vulnerability in Collaborative Office System of Yunnan Ruoshui Network Technology Co.
Yunnan Ruoshui Network Technology Co., Ltd. is an Internet service company. An unauthorized access vulnerability exists in the collaborative office system of Yunnan Ruoshui Network Technology Co. An attacker can obtain sensitive information of website users by brute force cracking...
JC6 Collaborative OA platform has XML entity injection vulnerability
JC6 collaborative OA platform is a collaborative office platform based on the J2EE framework. The JC6 collaborative OA platform has an XML entity injection vulnerability; an attacker can use the vulnerability to read arbitrary files...
IBM Rational Collaborative Lifecycle Management Cross-Site Scripting Vulnerability
IBM Rational Collaborative Lifecycle Management (CLM) is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines three products, RTC, RQM, and RRC, in a single IBM SmartCloud Enterprise cloud environment image to provide requirements management,...
IDArling - Collaborative Reverse Engineering Plugin For IDA Pro & Hex-Rays
IDArling is a collaborative reverse engineering plugin for IDA Pro and Hex-Rays. It synchronizes, in real time, the changes made to a database by multiple users by connecting together different instances of IDA Pro. The main features of IDArling are: hooking general user events structure...
CVE-2018-1658
IBM Jazz Foundation IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6 is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrar...
CVE-2018-1688
IBM Jazz Foundation IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...
CVE-2018-1688
Summary (CVE-2018-1688) IBM Jazz Foundation, used by CLM 5.0–6.0.6, is vulnerable to cross-site scripting in the Web UI, potentially allowing a trusted-session credential disclosure. The issue affects multiple CLM-related products built on IBM Jazz technology. Remediation is available via upgrade...
Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426, CVE-2018-11212)
Summary: Jazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2018-1890 DESCRIPTION: IBM SDK, Java...
Forcing the Adversary to Pursue Insider Theft
Jack Crook pointed me toward a story by Christopher Burgess about intellectual property theft by "Hongjin Tan, a 35 year old Chinese national and U.S. legal permanent resident... who was arrested on December 20 and charged with theft of trade secrets. Tan is alleged to have stolen the trade secre...
Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
Here are the main new features and improvements in Faraday v3.5: New vulnerability form: We are happy to introduce our new vulnerability form, which makes the creation and editing of vulnerabilities easier. The new form brings you tabs to make it smaller and group different fields. Custom fields: Add...
Faraday v3.4 - Collaborative Penetration Test and Vulnerability Management Platform
Here are the main new features and improvements in Faraday v3.4: Services can now be tagged. With this new feature, you can now easily identify important services, geolocate them and more. New search operators OR/NOT: In a previous release we added the AND operator; now with 3.4 you can also use OR...
CVE-2018-1762
The CVE-2018-1762 issue affects IBM Rational CLM and related Jazz-based products (CLM 5.0–5.0.2 and 6.0–6.0.6; QA Manager, Team Concert, DOORS NG, RQM, Rhapsody DM, RSA DM, and others) where a cross-site scripting vulnerability in the Web UI allows an attacker to inject arbitrary JavaScript, pote...
CVE-2018-1762
IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
SQL Injection Vulnerability in Collaborative Office Management Platform of Beijing Lianda Power Information Technology Development Co.
Beijing Lianda Power Information Technology Development Co., Ltd. collaborative office management platform is an automated system for office information processing. A SQL injection vulnerability exists in the Collaborative Office Management Platform of Beijing Lianda Power Information Technology...
Faraday v3.3 - Collaborative Penetration Test and Vulnerability Management Platform
Here are the main new features and improvements in Faraday v3.3: Workspace archive: You are now able to make the whole workspace read-only and archive it for future use. This allows you to clear the clutter from all your ongoing projects while giving you the opportunity to continue with your work later ...
Information Disclosure Vulnerability in Multiple IBM Products (CNVD-2019-01574)
IBM Rational Collaborative Lifecycle Management is a collaborative lifecycle management solution; Rational Quality Manager is a collaborative, Web-based quality management solution; IBM Jazz is one o...
IBM InfoSphere Master Data Management Collaborative Edition Information Disclosure Vulnerability
IBM InfoSphere Master Data Management (MDM) is an IBM solution for helping organizations manage enterprise-wide master data information about customers, suppliers, products, and accounts. The solution supports the centralization of multiple data domains through three master data usage styles:...