EUVD-2012-2154
Malware in sbrugna...
CVE-2012-2160
IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security...
Security Bulletin: Multiple Vulnerabilities in Rational Change
Summary Vulnerabilities in the Jetty component shipped with Rational Change may affect the security of the product. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication...
Security Bulletin: Multiple Vulnerabilities in Rational Change 5.3.2 Fix Pack 05 and earlier versions.
Summary Vulnerabilities in the Jetty 9.4.48 and earlier component shipped with Rational Change may affect the security of the product. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...
Security Bulletin: Vulnerability in Rational Change 5.3.2 Fix Pack 05 and earlier versions.
Summary Vulnerability in the Apache Commons FileUpload before 1.5 and earlier component shipped with Rational Change may affect the security of the product. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused b...
IBM Rational Change Cross-Site Scripting Vulnerability (CNVD-2022-77517)
IBM Rational Change is a software tool from IBM Corporation, USA. It provides software configuration management functionality for all artifacts related to software development, including source code, documentation and images, as well as final build software executables and libraries. A cross-site...
Security Bulletin: Multiple Vulnerabilities in Rational Change 5.3.2 Fix Pack 04 and earlier versions.
Summary Vulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Change may affect the security of the product. Vulnerability Details CVEID:CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release...
Cross site scripting
IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security...
IBM Rational Change Cross-Site Scripting Vulnerability
IBM Rational Change is a software tool from IBM Corporation, USA. It provides software configuration management functionality for all artifacts related to software development, including source code, documentation and images, as well as final build software executables and libraries. A cross-site...
Security Bulletin: Vulnerability in Jasper, Version 8 Service Refresh 5 Fix Pack 33, used in Jetty Server 9.4.14 where Rational Change is deployed.
Summary A security vulnerability in Jasper, Version 8 Service Refresh 5 Fix Pack 33, used in Jetty Server 9.4.14 is affecting IBM Rational Change. Vulnerability Details CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the...
Security Bulletin: Critical Security Vulnerability in RDS Client library affecting Rational Synergy (CVE-2014-3089)
Summary Clear text password in IBM Rational Directory Server RDS supplied Client library could allow a potential hacker to gain access to RDS and access to unauthorized data used by consuming products such as Rational Synergy.
CVE-2012-2160
CVE-2012-2160 affects IBM Rational Change 5.3. The vulnerability arises from improper validation of user-supplied input, enabling a cross-site scripting attack via the SUPP_TEMPLATE_FLAG URL parameter. When a victim clicks a specially crafted link, an attacker could execute script in the browser ...
PT-2020-6836 · Ibm · Ibm Rational Change
Name of the Vulnerable Software and Affected Versions: IBM Rational Change version 5.3 Description: The issue is caused by improper validation of user-supplied input, leading to cross-site scripting. A remote attacker could exploit this using the SUPP_TEMPLATE_FLAG parameter in a specially-crafte...
Security Bulletin: Multiple vulnerabilities in Jasper used in Jetty 8.1.3 Server where Rational Change is deployed
Summary There are multiple vulnerabilities in Jasper, Version 2 Service Refresh 2 Fix Pack 2, used by Jetty 8.1.3 is affecting IBM Rational Change. Vulnerability Details The following are the list of vulnerabilities affecting IBM Rational Change: CVEID: CVE-2017-7658 DESCRIPTION: Eclipse Jetty is...
Security Bulletin: Open Redirect and Cross-Site Scripting Vulnerabilities in the Rational Change Help System (CVE-2012-2159, CVE-2012-2161)
Summary Some scripts in the help system used by IBM Rational Change are vulnerable to open redirect or cross-site scripting attacks.
Security Bulletin: Rational Change is affected by vulnerabilities (CVE-2014-5325 and CVE-2014-5326) in Java Open Source Direct Web Remoting library.
Summary The DOMConverter, JDOMConverter, DOM4JConverter, and XOMConverter functions in Direct Web Remoting DWR through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference,...
Security Bulletin: Vulnerability in SSLv3 affects Rational Change (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in Rational Change.
Security Bulletin: Critical Security Vulnerability in Rational Directory Server (Tivoli and Apache) (CVE-2014-3089)
Summary A security vulnerability impacts IBM Rational Directory Server RDS 5.2.x, 5.1.1.x and Rational Directory Administrator RDA 6.x Java Client library.