Lucene search
+L

137 matches found

CVE
CVE
added 2019/03/14 11:0 p.m.44 views

CVE-2018-1929

IBM Rational Engineering Lifecycle Manager (RELM) versions 5.0–6.0.6 are affected by an information-disclosure vulnerability: a malicious user who knows the URL to any view can access information they should not see. CVSS v3 base score 4.3 (MEDIUM); attack vector NETWORK; privileges required LOW;...

4.3CVSS4.3AI score0.01316EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/03/14 11:0 p.m.62 views

CVE-2018-1952

IBM Jazz Foundation’s RELM (IBM Rational Engineering Lifecycle Manager) 5.0–6.0.6 is affected by a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The issue is docu...

5.4CVSS5.1AI score0.00968EPSS
Exploits0References3Affected Software7
CVE
CVE
added 2019/03/14 11:0 p.m.45 views

CVE-2018-1914

CVE-2018-1914 affects IBM Rational Engineering Lifecycle Manager (REL M) 5.0 through 6.0.6. The root cause is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. Public records ...

5.4CVSS5.1AI score0.00968EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/03/14 11:0 p.m.21 views

CVE-2018-1929

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120...

4.3CVSS4.1AI score0.01316EPSS
Exploits0References3
CVE
CVE
added 2019/03/14 11:0 p.m.54 views

CVE-2018-1910

IBM Rational Engineering Lifecycle Manager (REL M) versions 5.0 through 6.0.6 are affected by a cross-site scripting (XSS) vulnerability that lets an attacker embed arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. Root cause: improper hand...

5.4CVSS5.1AI score0.00968EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/03/14 11:0 p.m.22 views

CVE-2018-1952

IBM Jazz Foundation IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

5.4CVSS5.2AI score0.00968EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/03/14 11:0 p.m.21 views

CVE-2018-1910

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4CVSS5.2AI score0.00968EPSS
Exploits0References3
NVD
NVD
added 2019/03/14 10:29 p.m.15 views

CVE-2018-1914

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4CVSS5.2AI score0.00968EPSS
Exploits0References3
NVD
NVD
added 2019/03/14 10:29 p.m.17 views

CVE-2018-1929

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120...

4.3CVSS4.1AI score0.01316EPSS
Exploits0References3
NVD
NVD
added 2019/03/14 10:29 p.m.22 views

CVE-2018-1910

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4CVSS5.2AI score0.00968EPSS
Exploits0References3
Prion
Prion
added 2019/03/14 10:29 p.m.18 views

Cross site scripting

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

3.5CVSS5.1AI score0.00968EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/03/14 10:29 p.m.19 views

Cross site scripting

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

3.5CVSS5.1AI score0.00968EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/03/14 10:29 p.m.15 views

Information disclosure

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120...

4CVSS4.1AI score0.01316EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2019/03/14 10:29 p.m.22 views

CVE-2018-1916

IBM Jazz Foundation IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

5.4CVSS5.2AI score0.00968EPSS
Exploits0References3
OSV
OSV
added 2019/03/14 10:29 p.m.4 views

CVE-2018-1929

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120...

4.3CVSS5.8AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/08 9:30 p.m.21 views

Security Bulletin: Multiple security vulnerabilities affect Rational Engineering Lifecycle Manager

Summary Rational Engineering Lifecycle Manager is affected by multiple security vulnerabilities Vulnerability Details CVEID: CVE-2018-1929 DESCRIPTION: IBM RELM could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should n...

5.4CVSS0.9AI score0.01316EPSS
Exploits0Affected Software1
Prion
Prion
added 2018/11/02 3:29 p.m.17 views

Xxe

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:...

5.5CVSS6.8AI score0.01853EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/11/02 3:29 p.m.17 views

CVE-2018-1846

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:...

7.1CVSS6.8AI score0.01853EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/11/02 3:0 p.m.20 views

CVE-2018-1846

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:...

7.1CVSS6.8AI score0.01853EPSS
Exploits0References2
CVE
CVE
added 2018/11/02 3:0 p.m.44 views

CVE-2018-1846

IBM Rational Engineering Lifecycle Manager (RELM) versions 5.0–5.0.2 and 6.0–6.0.6 are affected by a XML External Entity (XXE) vulnerability in XML data processing. A remote attacker could disclose sensitive information or exhaust memory Resources. A fix is available: upgrade to RELM 6.0.6 with i...

7.1CVSS6.8AI score0.01853EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder