137 matches found
CVE-2018-1929
IBM Rational Engineering Lifecycle Manager (RELM) versions 5.0–6.0.6 are affected by an information-disclosure vulnerability: a malicious user who knows the URL to any view can access information they should not see. CVSS v3 base score 4.3 (MEDIUM); attack vector NETWORK; privileges required LOW;...
CVE-2018-1952
IBM Jazz Foundation’s RELM (IBM Rational Engineering Lifecycle Manager) 5.0–6.0.6 is affected by a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The issue is docu...
CVE-2018-1914
CVE-2018-1914 affects IBM Rational Engineering Lifecycle Manager (REL M) 5.0 through 6.0.6. The root cause is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. Public records ...
CVE-2018-1929
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120...
CVE-2018-1910
IBM Rational Engineering Lifecycle Manager (REL M) versions 5.0 through 6.0.6 are affected by a cross-site scripting (XSS) vulnerability that lets an attacker embed arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. Root cause: improper hand...
CVE-2018-1952
IBM Jazz Foundation IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2018-1910
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
CVE-2018-1914
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
CVE-2018-1929
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120...
CVE-2018-1910
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
Cross site scripting
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
Cross site scripting
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
Information disclosure
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120...
CVE-2018-1916
IBM Jazz Foundation IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2018-1929
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120...
Security Bulletin: Multiple security vulnerabilities affect Rational Engineering Lifecycle Manager
Summary Rational Engineering Lifecycle Manager is affected by multiple security vulnerabilities Vulnerability Details CVEID: CVE-2018-1929 DESCRIPTION: IBM RELM could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should n...
Xxe
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:...
CVE-2018-1846
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:...
CVE-2018-1846
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:...
CVE-2018-1846
IBM Rational Engineering Lifecycle Manager (RELM) versions 5.0–5.0.2 and 6.0–6.0.6 are affected by a XML External Entity (XXE) vulnerability in XML data processing. A remote attacker could disclose sensitive information or exhaust memory Resources. A fix is available: upgrade to RELM 6.0.6 with i...