Lucene search
K
IbmEngineering Requirements Quality Assistant On-premises

29 matches found

CVE
CVE
added 2022/03/18 3:40 p.m.81 views

CVE-2021-29899

CVE-2021-29899 affects IBM Engineering Requirements Quality Assistant On-Premises prior to 3.1.3. An authenticated user could cause a denial of service due to improper handling of incoming error messages. IBM’s IBM Security Bulletin indicates upgrading to RQA 3.1.3 fixes the issue. No exploitatio...

6.5CVSS6.4AI score0.01011EPSS
CVE
CVE
added 2022/07/18 5:0 p.m.75 views

CVE-2021-29788

CVE-2021-29788 affects IBM Engineering Requirements Quality Assistant On-Premises (all versions). A cross-site scripting vulnerability arises from inadequate data validation/output filtering, allowing an attacker to embed arbitrary JavaScript in the Web UI and potentially disclose credentials wit...

5.4CVSS5.2AI score0.00421EPSS
CVE
CVE
added 2022/07/18 5:0 p.m.70 views

CVE-2021-38868

CVE-2021-38868 : IBM Engineering Requirements Quality Assistant On-Premises (all versions) is vulnerable to cross-site request forgery. The vulnerability could allow an attacker to forge actions executed from a trusted user session, enabling malicious/unauthorized requests. The IBM bulletin for t...

6.5CVSS6.4AI score0.00321EPSS
CVE
CVE
added 2021/03/30 4:45 p.m.69 views

CVE-2021-20506

CVE-2021-20506 concerns IBM Jazz Foundation products (notably IBM Engineering Workflow Management, IBM Engineering Lifecycle Optimization – Engineering Insights, IBM Engineering Requirements Quality Assistant On-Premises, among others) suffering from cross-site scripting in the Web UI that could ...

5.4CVSS5.5AI score0.00502EPSS
CVE
CVE
added 2021/03/30 4:45 p.m.68 views

CVE-2021-20447

CVE-2021-20447 affects IBM Jazz Foundation products with a cross-site scripting (XSS) vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially lead to credentials disclosure within a trusted session. Connected sources confirm affected components such as IBM Engine...

5.4CVSS5.5AI score0.00502EPSS
CVE
CVE
added 2021/07/19 4:0 p.m.65 views

CVE-2021-20507

The CVE-2021-20507 entry affects IBM Jazz Foundation and IBM Engineering products, where a cross-site scripting flaw allows embedding arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. The vulnerability centers on Web UI script execution enabled by the ...

5.4CVSS5.3AI score0.00495EPSS
CVE
CVE
added 2021/03/30 4:45 p.m.65 views

CVE-2021-20518

The CVE-2021-20518 issue affects IBM Jazz Foundation products (EWM, RTC, RELM, ENI, and IBM Engineering Requirements Quality Assistant On-Premises). It is described as a cross-site scripting vulnerability allowing an attacker to embed arbitrary JavaScript in the Web UI, with potential credential ...

5.4CVSS5.5AI score0.00502EPSS
CVE
CVE
added 2022/07/18 5:0 p.m.64 views

CVE-2021-29799

IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to CVE-2021-29799 due to improper client-side validation, allowing an authenticated user to obtain sensitive information ( Confidentiality impact: High; Integrity/Availability: None). The issue is documented a...

6.5CVSS6AI score0.00729EPSS
CVE
CVE
added 2021/03/30 4:45 p.m.63 views

CVE-2021-20520

CVE-2021-20520 is an IBM Jazz Foundation cross-site scripting (XSS) vulnerability affecting IBM Jazz Team Server based applications. The issue allows an attacker to inject arbitrary JavaScript into the Web UI, potentially exposing credentials within a trusted session. Affected products/versions i...

5.4CVSS5.5AI score0.00502EPSS
CVE
CVE
added 2021/03/04 7:5 p.m.62 views

CVE-2020-4856

CVE-2020-4856 is a stored cross-site scripting vulnerability in IBM Engineering products, notably IBM Engineering DOORS Next (and related ELN/LRM/RQM/EWM/RTC families). The Web UI can embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a tru...

6.4CVSS5.4AI score0.00539EPSS
CVE
CVE
added 2021/03/04 7:5 p.m.61 views

CVE-2021-20351

CVE-2021-20351 describes a cross-site scripting vulnerability in IBM Engineering products, allowing attackers to inject arbitrary JavaScript via the Web UI and potentially disclose credentials within a trusted session. The issue affects multiple IBM Engineering products in the Engineering Lifecyc...

5.4CVSS5.3AI score0.00541EPSS
CVE
CVE
added 2021/03/30 4:45 p.m.60 views

CVE-2021-20352

Summary (CVE-2021-20352) : IBM Jazz Foundation products are vulnerable to cross-site scripting that can let an attacker embed arbitrary JavaScript in the Web UI, potentially disclosing credentials within a trusted session. The vulnerability affects multiple IBM Jazz-related products/versions, inc...

5.4CVSS5.5AI score0.00502EPSS
CVE
CVE
added 2021/03/30 4:45 p.m.60 views

CVE-2021-20504

CVE-2021-20504 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. Affected products/versions include IBM Engineering Workflow Management (EWM) 7.0, 7.0.1, 7.0.2; IBM Engineering Lifecycle Opt...

5.4CVSS5.5AI score0.00502EPSS
CVE
CVE
added 2021/03/04 7:5 p.m.59 views

CVE-2021-20350

CVE-2021-20350 affects IBM Engineering products, notably the IBM Engineering Requirements Quality Assistant (and related EL/DOORS/RQM/EWM components). The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to inject arbitrary JavaScript, potentially leading to...

5.4CVSS5.5AI score0.00541EPSS
CVE
CVE
added 2022/07/18 5:0 p.m.59 views

CVE-2021-29790

CVE-2021-29790 affects IBM Engineering Requirements Quality Assistant On-Premises (All versions). It is a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Exploitati...

5.4CVSS5.2AI score0.00421EPSS
CVE
CVE
added 2021/03/04 7:5 p.m.58 views

CVE-2020-4857

CVE-2020-4857 is a stored cross-site scripting vulnerability affecting IBM Engineering products (DOORS Next, RDNG, EWM, RTC, ETM, RQM, RQA On-Prem, and related components). The root cause is improper sanitization in the Web UI that allows an attacker to embed arbitrary JavaScript in the browser, ...

6.4CVSS5.4AI score0.0068EPSS
CVE
CVE
added 2021/03/04 7:5 p.m.56 views

CVE-2020-4866

CVE-2020-4866 is an IBM Engineering-related cross-site scripting vulnerability affecting multiple IBM Jazz Team Server family products (e.g., EWM, DOORS Next, RDNG, RTC, RQM, GCM, ETM, RQM, EWM, etc.). The issue targets the Web UI, enabling an attacker to embed arbitrary JavaScript and potentiall...

5.4CVSS5.5AI score0.00539EPSS
CVE
CVE
added 2021/03/04 7:5 p.m.56 views

CVE-2021-20340

CVE-2021-20340 affects IBM Engineering products including Engineering Test Management (ETM), DOORS Next, RDNG, EWM, RTC, and related IBM Jazz-based tooling. The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leadi...

5.4CVSS5.5AI score0.00539EPSS
CVE
CVE
added 2021/03/30 4:45 p.m.56 views

CVE-2021-20502

IBM Jazz Foundation Products are affected by an XML External Entity (XXE) vulnerability in XML processing (CVE-2021-20502). Impact could include exposure of sensitive data or memory/resource exhaustion. Affected offerings include EWM, RTC, RELM, ENI, and IBM Engineering Requirements Quality Assis...

7.1CVSS7.2AI score0.01398EPSS
CVE
CVE
added 2021/10/27 4:0 p.m.54 views

CVE-2021-29844

CVE-2021-29844 affects IBM Jazz Team Server family (including CLM, DOORS Next, ELM, EWM, RTC, and related IBM Engineering products). The vulnerability is a server-side request forgery (SSRF) due to insufficient validation of user input, enabling an authenticated attacker to cause the server to se...

8.8CVSS8.7AI score0.00573EPSS
CVE
CVE
added 2021/03/30 4:45 p.m.53 views

CVE-2021-20503

CVE-2021-20503 concerns IBM Jazz Foundation products and is described as a cross-site scripting vulnerability that could allow an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The initial and linked records indicate a...

5.4CVSS5.5AI score0.00502EPSS
CVE
CVE
added 2021/03/04 7:5 p.m.52 views

CVE-2020-4975

CVE-2020-4975 is an XSS vulnerability in IBM Engineering products (ELM family) where unauthenticated web UI inputs can inject arbitrary JavaScript, potentially exposing credentials within a trusted session. Affected products/versions include RDNG (6.0.2, 6.0.6.1/6.0.6/6.0.2), DOORS Next (7.0, 7.0...

5.4CVSS5.5AI score0.00539EPSS
CVE
CVE
added 2021/07/28 12:25 p.m.52 views

CVE-2020-5004

CVE-2020-5004 is a cross-site scripting vulnerability in IBM Jazz Foundation Web UI that could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials in a trusted session. The issue affects IBM Jazz Foundation–based products (as listed in IBM advisories) and is refle...

5.4CVSS5.3AI score0.00495EPSS
CVE
CVE
added 2021/03/04 7:5 p.m.51 views

CVE-2020-4863

CVE-2020-4863 affects IBM Engineering products (e.g., RDNG, DOORS Next, EWM, ETM, RQM, RTC and related IBM Jazz-based apps). The issue is a stored cross-site scripting in the Web UI that could lead to credentials disclosure in a trusted session. Affected versions span multiple 6.0.x–7.0.x release...

6.4CVSS5.4AI score0.00539EPSS
CVE
CVE
added 2021/07/28 12:25 p.m.51 views

CVE-2020-4974

CVE-2020-4974 affects IBM Jazz Foundation and multiple IBM Engineering products (EWM, DOORS Next, RTC, RDNG, RQM, ELN/ENI/RELM/ELM, etc.). The vulnerability is Server-Side Request Forgery (SSRF) that an authenticated attacker could exploit to cause the system to send unauthorized requests, enabli...

6.5CVSS6.3AI score0.00598EPSS
CVE
CVE
added 2021/01/08 2:45 p.m.46 views

CVE-2020-4666

CVE-2020-4666 affects IBM Engineering Requirements Quality Assistant On-Premises. The vulnerability is a cross-site scripting flaw in the Web UI that could let an attacker embed arbitrary JavaScript in the UI, potentially altering functionality and disclosing credentials within a trusted session....

5.4CVSS5.5AI score0.00554EPSS
CVE
CVE
added 2021/01/08 2:45 p.m.44 views

CVE-2020-4664

CVE-2020-4664 affects IBM Engineering Requirements Quality Assistant On-Premises. The issue is a cross-site scripting vulnerability that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. Connected sources confirm this is ti...

5.4CVSS5.5AI score0.00554EPSS
CVE
CVE
added 2021/01/08 2:45 p.m.44 views

CVE-2020-4667

CVE-2020-4667 affects IBM Engineering Requirements Quality Assistant On-Premises. An authenticated user could obtain sensitive information due to improper input validation. The NVD entry lists a MEDIUM severity (CVSS v3.1 base score 4.3) with network attack vector, low privileges required, and no...

4.3CVSS5AI score0.00806EPSS
CVE
CVE
added 2021/01/08 2:45 p.m.43 views

CVE-2020-4663

CVE-2020-4663 affects IBM Engineering Requirements Quality Assistant On-Premises and describes a cross-site scripting (XSS) vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. The primary impact, as stated, is ...

5.4CVSS5.5AI score0.00554EPSS