898 matches found
Cross site scripting
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a...
Code injection
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625...
CVE-2017-1629
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a...
Cross site scripting
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a...
CVE-2017-1602
Summary of CVE-2017-1602 (IBM RSA DM/CLM): IBM Rational Collaborative Lifecycle Management (CLM) 5.0–6.0.5 is affected by an unauthenticated exposure vulnerability in RSA DM where an authenticated user can access settings they should not be able to via a specially crafted URL. The NVD entry assi...
CVE-2017-1655
Consolidated for CVE-2017-1655: IBM Jazz Foundation (IBM Rational CLM 5.0/6.0) contains a cross-site scripting vulnerability in the Web UI that could allow an attacker to inject arbitrary JavaScript and potentially disclose credentials in a trusted session. The IBM Security Bulletin lists affecte...
CVE-2017-1762
IBM Jazz Foundation in Rational CLM (versions 5.0–6.0) is affected by a cross-site scripting vulnerability in the Web UI. The issue allows an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affected products include CLM components—R...
CVE-2017-1524
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970...
CVE-2017-1524
CVE-2017-1524 affects IBM Jazz Foundation (part of IBM Rational CLM 5.0/6.0). An authenticated user could obtain sensitive information from a specially crafted HTTP request, potentially aiding future attacks. The issue is documented with a CVSS v3 base score of 4.3 (Network, Low UI, Privileges Lo...
Design/Logic Flaw
IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational...
CVE-2015-7449
IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x...
CVE-2015-7453
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x...
CVE-2015-7471
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x...
CVE-2015-7453
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x...
CVE-2015-7471
CVE-2015-7471 is an XSS vulnerability affecting IBM Jazz-based CLM products (and associated RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM, and Jazz Team Server components) across multiple versions (CLM 3.0.1–6.0.1, RQM 3.0.x–3.0.1.6, RTC 3.0.x–6.0.x, RRC 3.0.x–4.0.x, RDNG 4.0.x–6.0.x, RELM 4.0.3...
CVE-2015-7440
IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2...
In Cybersecurity, the Fastest Decision Maker Wins Most Often
During the Korean War, John Boyd, an Air Force pilot and military strategist, studied why the F-86 Sabre was so successful in shooting down the Russian MiG-15 of that generation. Boyd discovered that the U.S. planes, while inferior to the Russian MiG in terms of speed, range, and altitude, were...
IBM Rational Collaborative Lifecycle Management Cross-Site Scripting Vulnerability
IBM Rational Collaborative Lifecycle Management (CLM) is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines RTC, RQM, and RRC products in an IBM SmartCloud Enterprise cloud environment image to provide requirements management, change and...