CVE-2016-3014

The CVE-2016-3014 entry concerns a Cross-Site Scripting (XSS) vulnerability in IBM Jazz Foundation-based products, including CLM, RDNG, RELM, RTC, RQM, RSA DM, and Rhapsody DM. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Affected...

CVE-2016-2926

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0...

CVE-2016-0318

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation...

CVE-2016-0318

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation...

CVE-2016-0317

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVE-2016-0316

Cross-site scripting XSS vulnerability in Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

Design/Logic Flaw

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation...

CVE-2016-0317

The CVE-2016-0317 issue affects IBM Jazz Reporting Service’s Lifecycle Query Engine (LQE) shipped with Jazz Reporting Service 6.0 and 6.0.1 (prior to 6.0.1 iFix006). The vulnerability enables remote attackers to hijack click actions (clickjacking) via unspecified vectors. The IBM advisory groups ...

CVE-2016-0318

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation...

CVE-2016-2986

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle...

CVE-2016-2947

IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle...

CVE-2016-2986

IBM CVE-2016-2986 affects IBM Jazz-based products in CLM/RQM/RTC/RDNG/RELM/Rhapsody DM (versions 6.0.x prior to fixed 6.0.1 iFix6). The vulnerability is an XSS that lets remote authenticated users inject arbitrary JavaScript/HTML via unspecified vectors, potentially impacting credentials in a tru...

CVE-2016-2947

CVE-2016-2947 describes an information disclosure vulnerability in IBM Jazz Foundation products (CLM, RQM, RTC, RDNG, RELM, Rhapsody DM, RSA DM) and related RFPs. The issue affects multiple versions across CLM 4.0–6.0.2, RQM 4.0–4.0.7/5.0–5.0.2/6.0–6.0.2, RTC 4.0–4.0.7/5.0–5.0.2/6.0–6.0.2, RDNG 4...

Cross-Site Scripting Vulnerability in Multiple IBM Products

IBM Rational Collaborative Lifecycle Management CLM and others are products of IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert RTC and Rational Engineering Lifecycle Manager are collaborative lifecycle management solutions. Manager are collaborative lifecycle management...

CVE-2016-2864

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0...

CVE-2016-0372

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert...

CVE-2016-0325

CVE-2016-0325 affects IBM Jazz-based CLM stack (Rational CLM/RQM/RRTC/RDNG/RELM/RSA DM and related) with multiple versions vulnerable prior to specific iFixes. The issue allows an authenticated remote attacker to execute arbitrary OS commands via a crafted HTTP request, impacting several CLM comp...

CVE-2016-2864

Summary: CVE-2016-2864 is a cross-site scripting (XSS) vulnerability affecting multiple IBM Jazz-based products (CLM, RQM, RTC, RDNG, RELM, Rhapsody DM, RSA DM) with affected versions ranging from CLM 3.0.1.6 to 6.0.x. The root cause is improper validation of user-supplied input, allowing remote ...

CVE-2016-0273

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0...