146 matches found
Security Bulletin: IBM Java Quarterly CPU - July 2014 affecting Rational Software Architect for Websphere Software (CVE-2014-0411)
Summary Timing differences based on validity of TLS messages can be exploited to decrypt the entire session. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information requires login with your IBM ID...
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Software Architect for WebSphere Software (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Software Architect for WebSphere Software. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Software Architect, Software Architect for WebSphere Software & Rational Software Architect RealTime (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-4872)
Summary There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 7 and 8 that is used by IBM Rational Software Architect, IBM Rational Software Architect for WebSphere Software and IBM Rational Software Architect RealTime. These issues were disclosed as part of the IBM...
Security Bulletin: Multiple vulnerabilities affecting the Cordova platform and IBM SDK Node.js packaged with Rational Software Architect and Rational Software Architect for WebSphere Software
Summary Multiple vulnerabilities have been discovered that affect the Cordova platform and IBM SDK Node.js packaged with Rational Software Architect and Rational Software Architect for WebSphere software CVE-2014-3500, CVE-2014-3501, CVE-2014-3502, CVE-2014-5256, CVE-2014-7191, CVE-2014-7192,...
Security Bulletin: A Security Vulnerability exists in the Dojo runtime that affects Rational Software Architect and Rational Software Architect for Websphere Software
Summary The dojox/form/resources/fileuploader.swf, dojox/form/resources/uploader.swf, dojox/av/resources/audio.swf, and dojox/av/resources/video.swf files exhibit an cross-site scripting XSS vulnerability. Any web application using the IBM Dojo Toolkit and providing those files might be subject t...
Security Bulletin: Vulnerabilities in OpenSSL affects Rational Software Architect for Websphere Software
Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by the Cordova platform packaged with Rational Software Architect for Websphere Software and has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0207 DESCRIPTION: OpenSSL ...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020 - Includes Oracle Jan 2020 CPU minus CVE-2020-2585, CVE-2020-2654, and CVE-2020-2590
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM Java SDK updates in Jan 2020...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU minus CVE-2019-2949
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019...
IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager Cross-Site Scripting Vulnerabilities (CNVD-2018-23901)
IBM Rational Rhapsody Design Manager is collaborative design management software built on the IBM Jazz platform that helps design team members and stakeholders share, track, review, and manage designs.IBM Rational Software Architect Design Manager is a IBM Rational Software Architect Design Manag...
Security Bulletin: Rational Software Architect Design Manager is vulnerable to cross-site scripting (CVE-2018-1400)
Summary RSA DM allowed injection of arbitrary JavaScript code into configuration names, which could later get executed during some configuration management operations. Vulnerability Details CVEID: CVE-2018-1400 DESCRIPTION: IBM Rhapsody DM is vulnerable to cross-site scripting. This vulnerability...
CVE-2018-1585
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus...
CVE-2018-1536
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus...
Cross site scripting
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus...
CVE-2018-1587
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be...
CVE-2018-1535
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus...
Cross site scripting
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus...
CVE-2018-1535
CVE-2018-1535 affects IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager. Vulnerability: cross-site scripting in the Web UI that can allow embedding arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted...
Security Bulletin: IBM Rational Software Architect Design Manager does not handle incoming requests containing XML in a safe manner (CVE-2018-1456, CVE-2018-1587)
Summary Usage of XML external entities in RSA DM linktype definitions comprises a security risk including disclosure of local files. An error message displayed when parsing incorrect XML can disclose unnecessary technical details that can be potentially used to construct new attacks. Vulnerabilit...
Security Bulletin: IBM Rational Software Architect Design Manager is vulnerable to cross-site scripting (XSS) attack (CVE-2017-1462)
Summary Document web editor in RSA DM could be vulnerable to cross-site scripting attack if document content was tampered. Vulnerability Details CVEID: CVE-2017-1462 DESCRIPTION: IBM Rhapsody DM is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...
Security Bulletin: Multiple vulnerabilities in certain services of IBM Rational Software Architect Design Manager
Summary A number of services in Rational Software Architect Design Manager were not sanitizing user input properly thus potentially allowing cross-site scripting, json hijacking, and HTML injection attacks. Vulnerability Details CVEID: CVE-2015-7485 DESCRIPTION: IBM Jazz technology based products...