17 matches found
IBM Rational Collaborative Lifecycle Management Cross-Site Scripting Vulnerability (CNVD-2019-20845)
IBM Rational Collaborative Lifecycle Management CLM is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines three products, RTC, RQM, and RRC, in a single IBM SmartCloud Enterprise cloud environment image to provide requirements management,...
CVE-2018-1827
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
PT-2019-16890 · Ibm · Ibm Jazz Foundation +1
Name of the Vulnerable Software and Affected Versions: IBM Jazz Foundation products IBM Rational Collaborative Lifecycle Management versions 6.0 through 6.0.6.1 Description: The issue allows an authenticated user to obtain sensitive information from CLM Applications, which could be used in furthe...
IBM Rational Collaborative Lifecycle Management Jazz Foundation Cross-Site Scripting Vulnerability
IBM Rational Collaborative Lifecycle Management CLM is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines RTC, RQM, and RRC products in an IBM SmartCloud Enterprise cloud environment image to provide requirements management, change and...
CVE-2017-1762
IBM Jazz Foundation IBM Rational Collaborative Lifecycle Management 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2017-1653
IBM Jazz Foundation IBM Rational Collaborative Lifecycle Management 6.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2017-1365
IBM Team Concert RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
CVE-2015-7469
Report Builder in IBM Jazz Reporting Service JRS 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role...
CVE-2015-7469
CVE-2015-7469 affects IBM Jazz Reporting Service (JRS) Report Builder. The vulnerability arises from improper access control: users with JazzGuest roles can manipulate data that should be read-only. Affected versions include Jazz Reporting Service 5.0, 5.0.1, 5.0.2 and 6.0. IBM’s bulletin recomme...
CVE-2015-7468
CVE-2015-7468 concerns IBM Jazz Reporting Service (JRS) as part of Rational Insight. The vulnerability allows remote authenticated users to bypass restrictions on administrator tasks due to improper access control, affecting JRS 5.x up to 5.0.2-Rational-CLM-ifix011 and 6.0 up to 6.0.0-Rational-CL...
CVE-2015-7470
CVE-2015-7470 affects IBM Jazz Reporting Service (JRS) Report Builder in Rational Insight. Affected versions are JRS 5.0/5.0.1/5.0.2 and 6.0 prior to the indicated fixes. The vulnerability enables a man-in-the-middle attacker to obtain sensitive information (e.g., login information) via unspecifi...
CVE-2015-7467
The CVE-2015-7467 issue affects IBM Jazz Reporting Service (JRS) via the Report Builder component. Affected versions are JRS 5.x prior to 5.0.2-Rational-CLM-ifix011 and 6.0 prior to 6.0.0-Rational-CLM-ifix005. The root cause is cross-site scripting (XSS) due to improper validation of user-supplie...
CVE-2015-4962
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management CLM 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager RQM 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team...
CVE-2015-1928
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management CLM 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager RQM 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4;...
CVE-2015-0130
CVE-2015-0130 describes a cross-site scripting vulnerability in IBM Jazz Foundation/CLM stack (including CLM, RRC, RDNG, RTC, RQM). The root cause is improper validation of user-supplied input, allowing remote authenticated users to craft a URL that executes arbitrary script/HTML in the victim’s...
IBM Collaborative Lifecycle Management Applications Remote Code Execution Vulnerability
BUGTRAQ ID: 65900 CVE ID: CVE-2014-0862 Collaborative Lifecycle Management Applications is a product lifecycle management solution. In IBM Rational Collaborative Lifecycle Management CLM versions before 3.0.1.6 iFix 2 and versions before 4.0.6, Jazz Team Server has a security vulnerability that allows remote attackers to execute arbitrary code. 0 IBM Collaborative Lifecycle Management Applications 4.x IBM...
CVE-2014-0862
Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management CLM 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors...