IBM Rational Collaborative Lifecycle Management

141 matches found

added 2017/06/13 7:0 p.m. | 86 views

CVE-2017-1099

CVE-2017-1099 – IBM Jazz Foundation information disclosure: Multiple sources describe an information-disclosure vulnerability in IBM Jazz Foundation components (part of IBM Rational CLM/RTC/RQM, etc.). The provided documents state that an authenticated user could potentially access sensitive inf...

CVSS 4.3 | AI score 4.9 | EPSS 0.03335

added 2017/11/27 9:0 p.m. | 72 views

CVE-2016-6024

CVE-2016-6024 affects NetComm Wireless HSPA 3G10WVE Wireless Router. The issue is a command injection in the ping.cgi page via the DIA_IPADDRESS parameter, enabling an unauthenticated attacker to inject commands and potentially compromise the device. Public materials describe authentication bypas...

CVSS 4.3 | AI score 5.1 | EPSS 0.00739

added 2014/03/02 2:0 a.m. | 69 views

CVE-2014-0862

The CVE-2014-0862 entry concerns an unspecified remote-code-execution vulnerability in Jazz Team Server used by IBM Rational CLM components. Relevant fixed versions, per connected advisories, are: CLM 4.x before 4.0.6; CLM 3.x prior to 3.0.1.6 iFix 2. IBM advisories note CLM components affected i...

CVSS 10 | AI score 7.5 | EPSS 0.04254

added 2019/06/27 1:45 p.m. | 68 views

CVE-2018-1827

The CVE-2018-1827 entry affects IBM Rational CLM 6.0–6.0.6.1 (including CLM components: CLM, DOORS Next, QRM, RTC, Rhapsody DM, RSA DM, RMM). Root cause: cross-site scripting in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted s...

CVSS 5.4 | AI score 5.4 | EPSS 0.00597

added 2016/11/24 7:41 p.m. | 66 views

CVE-2016-0273

The CVE-2016-0273 entry applies to IBM Jazz-based CLM suite (and related products: RQM, RTC, RDNG, RELM, Rhapsody DM, RSA DM, etc.) with a cross-site scripting vulnerability exploitable by remote authenticated users via a specially crafted URL to inject arbitrary web script/HTML. The root cause i...

CVSS 5.4 | AI score 5.1 | EPSS 0.00615

added 2019/06/27 1:45 p.m. | 66 views

CVE-2018-1758

CVE-2018-1758 affects IBM Rational CLM 6.0–6.0.6.1 across CLM components (CLM, RQM, RTC, DOORS Next Gen, Rhapsody/RA DM, and related). The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to inject JavaScript, potentially leading to credential disclosure wit...

CVSS 5.4 | AI score 5.5 | EPSS 0.00597

added 2020/09/02 6:25 p.m. | 65 views

CVE-2020-4445

CVE-2020-4445 affects IBM Jazz Team Server based applications with a cross-site scripting vulnerability in the Web UI. The issue enables embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. The vulnerability is identified across mult...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561

added 2021/07/19 4:0 p.m. | 65 views

CVE-2021-20507

The CVE-2021-20507 entry affects IBM Jazz Foundation and IBM Engineering products, where a cross-site scripting flaw allows embedding arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. The vulnerability centers on Web UI script execution enabled by the ...

CVSS 5.4 | AI score 5.3 | EPSS 0.00495

added 2017/12/11 9:0 p.m. | 64 views

CVE-2017-1507

CVE-2017-1507 corresponds to an information-disclosure vulnerability in IBM Jazz Foundation/CLM stack (e.g., Rational CLM, RTC, RQM, DOORS Next Gen, etc.) where a scan could leak sensitive data. Affected versions include Rational CLM/RCS/RTC/RQM families from 4.0 up to 6.0.4, with remediation via...

CVSS 4.3 | AI score 4.1 | EPSS 0.00739

added 2018/07/06 2:0 p.m. | 64 views

CVE-2017-1509

CVE-2017-1509 concerns IBM Jazz Foundation products. An authenticated user could obtain sensitive information from a stack trace, which could aid future attacks (information disclosure). The CVE is discussed across multiple sources including NVD and IBM’s Security Bulletin on Jazz-based products,...

CVSS 4.3 | AI score 4.3 | EPSS 0.00976

added 2019/06/27 1:45 p.m. | 64 views

CVE-2019-4083

CVE-2019-4083 affects IBM Jazz Foundation products (Rational CLM suite: CLM, RQM, RTC, DOORS, etc.) with cross-site scripting in the Web UI. Affected versions are 6.0–6.0.6.1. The root cause is an XSS vulnerability that could allow an attacker to inject arbitrary JavaScript, potentially leading t...

CVSS 5.4 | AI score 5.4 | EPSS 0.00679

added 2016/01/02 9:0 p.m. | 63 views

CVE-2015-1928

CVE-2015-1928 affects IBM Jazz-based CLM ecosystem (Jazz Team Server and multiple CLM apps such as RRC, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM, etc.). The connected IBM bulletin confirms a remote attacker can exploit via a crafted website to hijack the victim’s click actions (clickjacking). Af...

CVSS 6.8 | AI score 6.1 | EPSS 0.01202

added 2018/07/06 2:0 p.m. | 63 views

CVE-2017-1237

CVE-2017-1237 concerns a cross-site scripting vulnerability in IBM Jazz-based applications. The issue affects IBM Jazz Team Server and CLM-related products (CLM, RDNG, RELM, RTC, RQM, Rhapsody Design Manager, RSA Design Manager) across multiple versions (notably 5.0.x to 6.0.x). The underlying ri...

CVSS 5.4 | AI score 5.2 | EPSS 0.0066

added 2018/07/06 2:0 p.m. | 63 views

CVE-2017-1559

CVE-2017-1559 affects IBM Jazz-based Rational CLM/RQM/RRTC etc. products; the issue allows disclosure of sensitive information when an attacker intercepts vulnerable requests. The IBM bulletin lists impacted products (CLM 5.0–6.0.5, RQM, RTC, RDNG, RELM, RSA DM, Rhapsody DM, etc.) and provides re...

CVSS 4.3 | AI score 5.6 | EPSS 0.00897

added 2021/10/27 4:0 p.m. | 63 views

CVE-2021-29713

CVE-2021-29713 affects IBM Jazz Team Server and related IBM Engineering Lifecycle Management components. The vulnerability is a cross-site scripting (XSS) flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted s...

CVSS 5.4 | AI score 5.5 | EPSS 0.0048

added 2018/03/15 10:0 p.m. | 62 views

CVE-2015-7453

CVE-2015-7453: IBM Jazz/CLM family products (including CLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) are vulnerable to cross-site scripting via remote crafted URLs. Affects CLM products 3.0.1–6.0.1, RQM 3.0.x–6.0.1, RTC 3.0.x–6.0.1, RRC 3.0.x–4.0.x, RDNG 4.0–6.0.1, RELM 4.0.x–6.0.1, Rhapsody DM 4....

CVSS 6.1 | AI score 5.7 | EPSS 0.0087

added 2017/12/27 4:0 p.m. | 62 views

CVE-2017-1365

IBM Team Concert (RTC) and IBM Rational CLM are affected by a cross-site scripting vulnerability in the Web UI that can allow an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. The CVE entry covers IBM Rational CLM/RRC components including CL...

CVSS 5.4 | AI score 5.2 | EPSS 0.0054

added 2016/01/03 2:0 a.m. | 61 views

CVE-2015-4962

CVE-2015-4962 affects IBM Jazz-based CLM ecosystem (including CLM, RTC, RQM, RRC, RDNG, RELM, Rhapsody DM, RSA DM, etc.). The root cause is weak permissions on unspecified project areas, allowing remote authenticated users to obtain sensitive information via unknown vectors. Impact is information...

CVSS 3.5 | AI score 3.5 | EPSS 0.00454

added 2018/10/02 3:0 p.m. | 61 views

CVE-2018-1558

CVE-2018-1558 describes cross-site scripting in IBM Rational CLM and related Jazz-based products. Affected products include CLM, RDNG, RELM, RTC, RQM, Rhapsody DM, and RSA DM across 5.x and 6.x (up to 6.0.6). The vulnerability arises from a Web UI XSS flaw that can lead to credential disclosure w...

CVSS 5.4 | AI score 5.1 | EPSS 0.0066

added 2019/06/27 1:45 p.m. | 61 views

CVE-2018-1760

Affected software: IBM Rational CLM suite (including CLM, RQM, RTC, DOORS Next Gen, RSM, RSA DM) running 6.0 – 6.0.6.1. Vulnerability: Cross-site scripting in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Root cause ...

CVSS 5.4 | AI score 5.4 | EPSS 0.00597

added 2021/10/27 4:0 p.m. | 61 views

CVE-2021-29774

Summary: CVE-2021-29774 affects IBM Jazz Team Server family (including CLM, ELM, DOORS Next, RTC, EWM, Rhapsody) where an authenticated user could obtain elevated privileges under certain configurations. The root cause is insufficient validation of user privileges, enabling privilege escalation w...

CVSS 7.5 | AI score 7.5 | EPSS 0.0095

added 2018/07/03 7:0 p.m. | 60 views

CVE-2017-1312

CVE-2017-1312 affects IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management (RCLM) versions 5.0–5.0.2 and 6.0–6.0.5, via cross-site scripting in the Web UI that can lead to credentials disclosure within a trusted session. Root cause: reflected/stored XSS in the Web UI...

CVSS 5.4 | AI score 5.4 | EPSS 0.00711

added 2018/07/03 7:0 p.m. | 60 views

CVE-2017-1717

The CVE-2017-1717 entry involves IBM Rational Quality Manager and Rational Collaborative Lifecycle Management (versions 5.0–5.0.2 and 6.0–6.0.5) suffering a cross-site scripting (XSS) vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially disclose credentials wi...

CVSS 5.4 | AI score 5.4 | EPSS 0.0066

added 2019/06/27 1:45 p.m. | 60 views

CVE-2019-4084

IBM Jazz Foundation (CLM) vulnerability CVE-2019-4084 affects Rational CLM products version 6.0 to 6.0.6.1. An authenticated user could obtain sensitive information from CLM Applications, as described in multiple sources (NVD/NVD-derived entries, CNVD, and IBM bulletin). The issue is categorized ...

CVSS 4.3 | AI score 4.7 | EPSS 0.01003

added 2020/09/02 6:25 p.m. | 60 views

CVE-2020-4522

IBM Jazz Team Server based Applications are affected by a cross-site scripting vulnerability (CVE-2020-4522) in the Web UI, potentially enabling an attacker to inject arbitrary JavaScript and cause credentials disclosure within a trusted session. Affected products include IBM Engineering DOORS Ne...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561

added 2018/03/15 10:0 p.m. | 59 views

CVE-2015-7440

CVE-2015-7440 affects IBM Jazz-based CLM/RQM/RTC/etc. A local privilege-escalation vulnerability exists across multiple CLM family products (CLM 3.0.1.x up to 6.x; RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) that could allow a local user to gain privileges via unspecified vectors. Connected I...

CVSS 7.8 | AI score 7.3 | EPSS 0.00319

added 2016/11/24 7:41 p.m. | 59 views

CVE-2016-0284

The CVE-2016-0284 entry relates to an XML External Entity (XXE) vulnerability in the XML parser used by IBM Jazz-based CLM products. Affected products include Rational Collaborative Lifecycle Management (across 3.0.1.6 up to 6.0.2), Rational Quality Manager, Rational Team Concert, Rational DOORS ...

CVSS 5.5 | AI score 5.5 | EPSS 0.00944

added 2016/11/24 7:41 p.m. | 59 views

CVE-2016-0372

CVE-2016-0372 affects IBM Jazz-based CLM/RTC/RQM and related products. The vulnerability stems from not setting the secure flag on the session cookie in SSL mode, allowing a remote attacker to capture the cookie over HTTP. Impact is cookie exposure, not full remote code execution. Affected versio...

CVSS 4.3 | AI score 4.5 | EPSS 0.00877

added 2017/06/13 7:0 p.m. | 59 views

CVE-2016-9973

IBM Security Bulletin AFBE46D8 confirms CVE-2016-9973 as a Cross-Site Scripting flaw in IBM Jazz Foundation/Web UI affecting IBM Jazz Team Server and multiple Rational products in CLM/RQM/RDNG/RTP families. The vulnerability arises in the Jazz Foundation component and could let an attacker inject...

CVSS 5.4 | AI score 5.2 | EPSS 0.00738

added 2018/07/03 7:0 p.m. | 59 views

CVE-2017-1277

CVE-2017-1277 affects IBM Rational Quality Manager (RQM) and IBM Rational Collaborative Lifecycle Management (RCLM) versions 5.0–5.0.2 and 6.0–6.0.5. The vulnerability is a cross-site scripting flaw that lets an attacker embed arbitrary JavaScript in the Web UI, potentially leading to credential ...

CVSS 5.4 | AI score 5.4 | EPSS 0.0066

added 2018/07/03 7:0 p.m. | 59 views

CVE-2017-1608

CVE-2017-1608 is a cross-site scripting vulnerability affecting IBM Rational Quality Manager (RQM) and IBM Rational Collaborative Lifecycle Management (RCLM) versions 5.0–5.0.2 and 6.0–6.0.5. The root cause is improper handling of input in the Web UI that allows embedding arbitrary JavaScript, po...

CVSS 5.4 | AI score 5.4 | EPSS 0.00711

added 2018/07/03 7:0 p.m. | 59 views

CVE-2017-1691

IBM Rational Quality Manager and Rational Collaborative Lifecycle Management versions 5.0–5.0.2 and 6.0–6.0.5 are affected by a cross-site scripting (XSS) vulnerability in the Web UI that can lead to credentials disclosure within a trusted session. Root cause is not explicitly detailed in the pro...

CVSS 5.4 | AI score 5.4 | EPSS 0.0066

added 2018/04/24 2:0 p.m. | 59 views

CVE-2017-1700

The CVE-2017-1700 issue involves IBM Jazz Team Server and associated Rational products (CLM, RDNG, RELM, RTC, RQM, Rhapsody Design Manager, RSA DM). Description from IBM security bulletin: an authenticated user may cause a denial of service due to incorrect authorization in resource-intensive sce...

CVSS 6.5 | AI score 6.2 | EPSS 0.01146

added 2019/06/27 1:45 p.m. | 59 views

CVE-2019-4250

CVE-2019-4250 is an XSS vulnerability in IBM Jazz Foundation products (IBM Rational CLM 6.0–6.0.6.1) affecting the Web UI and potentially enabling credentials disclosure within a trusted session. Root cause: cross-site scripting due to improper input handling in the Web UI. Affected products span...

CVSS 5.4 | AI score 5.4 | EPSS 0.00673

added 2016/11/30 11:0 a.m. | 58 views

CVE-2016-3014

The CVE-2016-3014 entry concerns a Cross-Site Scripting (XSS) vulnerability in IBM Jazz Foundation-based products, including CLM, RDNG, RELM, RTC, RQM, RSA DM, and Rhapsody DM. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Affected...

CVSS 5.4 | AI score 4.9 | EPSS 0.01324

added 2017/02/01 8:0 p.m. | 58 views

CVE-2016-6061

The CVE-2016-6061 entry maps to IBM Jazz Foundation and is confirmed as a cross-site scripting vulnerability in the Jazz Web UI. The IBM Security Bulletin details multiple CLM-related products affected (Rational Collaborative Lifecycle Management, Rational Team Concert, Rational Quality Manager, ...

CVSS 5.4 | AI score 5.2 | EPSS 0.00538

added 2017/11/27 9:0 p.m. | 58 views

CVE-2017-1240

CVE-2017-1240 affects IBM Rational Rhapsody Design Manager (RDM) within IBM CLM family. Affected versions: RDM 4.0–4.0.7, 5.0–5.0.2, and 6.0–6.0.4. Description in connected sources shows an information-disclosure flaw where sensitive data could be exposed via HTTP 500 Internal Server Error respon...

CVSS 4.3 | AI score 4.2 | EPSS 0.00916

added 2017/11/27 9:0 p.m. | 58 views

CVE-2017-1251

CVE-2017-1251 describes an undisclosed vulnerability in IBM CLM applications that may cause some administrative deployment parameters to be exposed to an attacker. IBM Jazz/CLM family products (RTC, RQM, RRC, and related CLM components such as RDNG, RELM, Rhapsody Design Manager, RSA DM, etc....

CVSS 4.3 | AI score 4.4 | EPSS 0.00739

added 2019/06/27 1:45 p.m. | 58 views

CVE-2018-1826

The CVE-2018-1826 issue affects IBM Rational CLM versions 6.0–6.0.6.1 (including RQM/RTC/Rational DOORS Next Gen etc.). It is a Cross-Site Scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript to alter functionality and potentially disclose credentials within a tr...

CVSS 5.4 | AI score 5.4 | EPSS 0.00597

added 2017/03/31 6:0 p.m. | 57 views

CVE-2016-9707

CVE-2016-9707: IBM Jazz Foundation is affected by an XML External Entity (XXE) vulnerability in XML processing, enabling potential exposure of sensitive data or memory exhaustion. The IBM security bulletin maps the affected products to the IBM Jazz CLM family (including Rational Collaborative Lif...

CVSS 8.1 | AI score 8.1 | EPSS 0.01517

added 2018/07/03 7:0 p.m. | 57 views

CVE-2017-1299

Summary: CVE-2017-1299 affects IBM Rational Quality Manager and Rational Collaborative Lifecycle Management. The vulnerability is a cross-site scripting flaw in the Web UI that can allow embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affect...

CVSS 5.4 | AI score 5.4 | EPSS 0.0066

added 2018/07/03 7:0 p.m. | 57 views

CVE-2017-1316

Affected products/versions: IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management (RCLM) 5.0–5.0.2 and 6.0–6.0.5. Issue: cross-site scripting (XSS) in the Web UI enables embedding arbitrary JavaScript, potentially leading to credential disclosure within a trusted sess...

CVSS 5.4 | AI score 5.4 | EPSS 0.00711

added 2017/11/27 9:0 p.m. | 57 views

CVE-2017-1570

CVE-2017-1570 affects IBM Jazz Foundation/Jazz-based CLM products, allowing an authenticated user to obtain sensitive information from stack traces. The IBM Security Bulletin documents the impact across Rational CLM/RQM/RTC/RRC families (and related Jazz Team Server components) with a base CVSS v...

CVSS 4.3 | AI score 4.1 | EPSS 0.00916

added 2018/07/03 7:0 p.m. | 57 views

CVE-2017-1592

This CVE (CVE-2017-1592) affects IBM Rational Quality Manager (RQM) and IBM Rational Collaborative Lifecycle Management (RCLM). Affected versions are RCLM 5.0–5.0.2 and 6.0–6.0.5, and RQM 5.0–5.0.2 and 6.0–6.0.5. Root cause (per the sources) is cross-site scripting in the Web UI that permits embe...

CVSS 5.4 | AI score 5.4 | EPSS 0.00667

added 2018/04/24 2:0 p.m. | 57 views

CVE-2017-1725

CVE-2017-1725 is an undisclosed information-disclosure vulnerability affecting IBM Jazz Team Server and multiple IBM Rational products based on Jazz technology (including CLM, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM). The IBM security bulletin consolidates affected versions across CLM/RQM/RTC/R...

CVSS 4.3 | AI score 4.7 | EPSS 0.00972

added 2019/06/27 1:45 p.m. | 57 views

CVE-2019-4249

CVE-2019-4249 affects IBM Rational CLM stack (6.0–6.0.6.1). A cross-site scripting flaw allows embedding arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. Affected components include Rational CLM, DOORS Next Gen, Quality Manager, Team Concert, Rhapsody...

CVSS 5.4 | AI score 5.4 | EPSS 0.00673

added 2021/07/19 4:0 p.m. | 57 views

CVE-2020-5031

CVE-2020-5031 concerns cross-site scripting in IBM Jazz Foundation and IBM Engineering products. Multiple connected sources describe that an attacker could embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. ...

CVSS 5.4 | AI score 5.2 | EPSS 0.00495

added 2016/01/03 2:0 a.m. | 56 views

CVE-2015-4946

CVE-2015-4946 affects IBM CLM/Jazz-based products (RCLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) and related Jazz Team Server components. The issue allows an authenticated user to bypass access restrictions and perform unauthorized actions due to a design/logic flaw in IBM Rational LifeCy...

CVSS 3.3 | AI score 3.8 | EPSS 0.00303

added 2017/10/25 12:0 p.m. | 56 views

CVE-2017-1164

CVE-2017-1164 is an IBM Jazz Foundation cross-site scripting vulnerability. The IBM bulletin groups it with multiple vulnerabilities affecting IBM Jazz Team Server products (CLM, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM) and confirms the issue as a reflected web UI XSS that can lead to credentia...

CVSS 5.4 | AI score 5.2 | EPSS 0.00729

added 2018/07/03 7:0 p.m. | 56 views

CVE-2017-1313

CVE-2017-1313 affects IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management, specifically versions 5.0–5.0.2 and 6.0–6.0.5. The issue is a cross-site scripting vulnerability in the Web UI that can allow an attacker to embed arbitrary JavaScript and potentially disclose ...

CVSS 5.4 | AI score 5.4 | EPSS 0.00711

Total number of security vulnerabilities: 141