Lucene search
IBM Rational Engineering Lifecycle Manager

141 matches found

added 2021/01/08 8:40 p.m. | 87 views

CVE-2020-4697

CVE-2020-4697 is a cross-site scripting vulnerability in IBM Jazz Foundation and related IBM Engineering products (notably IBM Engineering Workflow Management). The Web UI can be affected by an attacker embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted...

CVSS 5.4 | AI score 5.1 | EPSS 0.00554

added 2017/06/13 7:0 p.m. | 86 views

CVE-2017-1099

CVE-2017-1099 – IBM Jazz Foundation information disclosure: Multiple sources describe an information-disclosure vulnerability in IBM Jazz Foundation components (part of IBM Rational CLM/RTC/RQM, etc.). The provided documents state that an authenticated user could potentially access sensitive inf...

CVSS 4.3 | AI score 4.9 | EPSS 0.03335

added 2021/01/08 8:40 p.m. | 83 views

CVE-2020-4544

IBM CVE-2020-4544 describes an information-disclosure vulnerability in IBM Jazz Foundation where a remote attacker could obtain sensitive data from detailed technical error messages returned by the browser. The issue affects IBM Jazz Foundation products within the IBM Engineering Lifecycle Manage...

CVSS 4.3 | AI score 4.4 | EPSS 0.00982

added 2021/01/08 8:40 p.m. | 83 views

CVE-2020-4733

The CVE-2020-4733 entry corresponds to a cross-site scripting vulnerability in IBM Jazz Foundation/Engineering products (IBM Engineering Test Management and related Web UI components). The IBM Security Bulletin lists affected products and versions, noting that an attacker could embed arbitrary Ja...

CVSS 5.4 | AI score 5.1 | EPSS 0.00554

added 2021/01/08 8:40 p.m. | 82 views

CVE-2020-4487

Summary: The CVE-2020-4487 issue affects IBM Jazz Foundation and related IBM Engineering Lifecycle Management products (e.g., ELM, DOORS Next, ENI, EWM, RTC, RMM, RDM, RQM, ELN) where a remote attacker could obtain sensitive information from a detailed technical error message returned by a browse...

CVSS 4.3 | AI score 4.4 | EPSS 0.00982

added 2021/06/02 8:40 p.m. | 77 views

CVE-2021-20346

CVE-2021-20346 affects IBM Jazz Foundation and IBM Engineering products, with a server-side request forgery (SSRF) flaw that could allow an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration. The vulnerability is discussed across multipl...

CVSS 5.5 | AI score 6 | EPSS 0.00504

added 2021/01/08 8:40 p.m. | 75 views

CVE-2020-4691

CVE-2020-4691 is an XSS vulnerability in IBM Jazz Foundation products (and related IBM Engineering Workflow Management components) where an attacker could embed arbitrary JavaScript in the Web UI, potentially exposing credentials in a trusted session. The connected IBM security bulletin lists aff...

CVSS 5.4 | AI score 5.1 | EPSS 0.00554

added 2021/06/02 8:40 p.m. | 75 views

CVE-2021-20347

CVE-2021-20347: IBM Jazz Foundation and IBM Engineering products are affected by a server-side request forgery (SSRF). The description notes authenticated attackers could cause the system to send unauthorized requests, enabling network enumeration or other attacks. The IBM bulletin (and CNVD/NVD...

CVSS 5.5 | AI score 6 | EPSS 0.00504

added 2021/06/02 8:40 p.m. | 74 views

CVE-2021-20338

Summary: CVE-2021-20338 is a cross-site scripting vulnerability affecting IBM Jazz Foundation and IBM Engineering products, including IBM Engineering Test Management. Public disclosures reference a Web UI XSS that can allow an attacker to embed arbitrary JavaScript, potentially leading to credent...

CVSS 5.4 | AI score 5.5 | EPSS 0.00495

added 2021/06/02 8:40 p.m. | 73 views

CVE-2020-4495

CVE-2020-4495 concerns IBM Jazz Foundation and IBM Engineering products where an improper access control in the REST API allows a remote attacker to bypass restrictions and perform arbitrary actions with administrative privileges. The vulnerability affects multiple IBM Engineering product lines (...

CVSS 9 | AI score 8.7 | EPSS 0.02648

added 2017/11/27 9:0 p.m. | 72 views

CVE-2016-6024

CVE-2016-6024 affects NetComm Wireless HSPA 3G10WVE Wireless Router. The issue is a command injection in the ping.cgi page via the DIA_IPADDRESS parameter, enabling an unauthenticated attacker to inject commands and potentially compromise the device. Public materials describe authentication bypas...

CVSS 4.3 | AI score 5.1 | EPSS 0.00739

added 2021/06/02 8:40 p.m. | 72 views

CVE-2021-20343

CVE-2021-20343 describes a server-side request forgery (SSRF) vulnerability affecting IBM Jazz Foundation and multiple IBM Engineering products (e.g., DOORS Next, RDNG, PUB, RQM, ETM, CLM, ELM, ENI, RMM, RELM, RDM, etc.). The underlying issue enables an authenticated attacker to cause the system ...

CVSS 5.5 | AI score 6 | EPSS 0.00504

added 2021/06/02 8:40 p.m. | 72 views

CVE-2021-20345

CVE-2021-20345 describes a server-side request forgery (SSRF) vulnerability affecting IBM Jazz Foundation and IBM Engineering products. Affected components include DOORS Next, RDNG, PUB, RQM, ETM, CLM, ELM, RMM, RELM, ENI and related deployments (versions listed in the Affected Products and ...

CVSS 5.5 | AI score 6 | EPSS 0.00504

added 2021/06/02 8:40 p.m. | 72 views

CVE-2021-20371

CVE-2021-20371 describes an information-disclosure vulnerability in IBM Jazz Foundation and IBM Engineering products where error messages returned in the browser could reveal sensitive data. Affected products include IBM Jazz Foundation and Engineering Lifecycle Management suite (ELM) and related...

CVSS 6.5 | AI score 6.5 | EPSS 0.01195

added 2021/06/02 8:40 p.m. | 71 views

CVE-2021-20348

CVE-2021-20348 describes a server-side request forgery (SSRF) affecting IBM Jazz Foundation and IBM Engineering products. An authenticated attacker could issue unauthorized requests from the system, enabling network enumeration or related abuse. Connected sources enumerate affected products (DOOR...

CVSS 5.5 | AI score 6.1 | EPSS 0.00504

added 2021/03/30 4:45 p.m. | 69 views

CVE-2021-20506

CVE-2021-20506 concerns IBM Jazz Foundation products (notably IBM Engineering Workflow Management, IBM Engineering Lifecycle Optimization – Engineering Insights, IBM Engineering Requirements Quality Assistant On-Premises, among others) suffering from cross-site scripting in the Web UI that could ...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

added 2021/06/02 8:40 p.m. | 69 views

CVE-2021-29670

CVE-2021-29670 is a cross-site scripting vulnerability affecting IBM Jazz Foundation and IBM Engineering products (including Engineering Insights, DOORS Next, RQM, ETM, EWM, ELN, etc.). The issue allows an attacker to embed arbitrary JavaScript in the Web UI, potentially altering functionality an...

CVSS 5.4 | AI score 5.5 | EPSS 0.00495

added 2019/06/27 1:45 p.m. | 68 views

CVE-2018-1827

The CVE-2018-1827 entry affects IBM Rational CLM 6.0–6.0.6.1 (including CLM components: CLM, DOORS Next, QRM, RTC, Rhapsody DM, RSA DM, RMM). Root cause: cross-site scripting in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted s...

CVSS 5.4 | AI score 5.4 | EPSS 0.00597

added 2021/03/30 4:45 p.m. | 68 views

CVE-2021-20447

CVE-2021-20447 affects IBM Jazz Foundation products with a cross-site scripting (XSS) vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially lead to credentials disclosure within a trusted session. Connected sources confirm affected components such as IBM Engine...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

added 2021/06/02 8:40 p.m. | 68 views

CVE-2021-29668

CVE-2021-29668 is a cross-site scripting (XSS) vulnerability affecting IBM Jazz Foundation and IBM Engineering products (ELM/DOORS Next/RQM/ETM/ENI/RMM/etc.). The Web UI fails to validate user-supplied data, allowing an attacker to inject JavaScript and potentially disclose credentials within a t...

CVSS 5.4 | AI score 5.5 | EPSS 0.00495

added 2021/06/02 8:40 p.m. | 67 views

CVE-2020-4977

Summary: CVE-2020-4977 is a stored cross-site scripting vulnerability in IBM Engineering Lifecycle Optimization - Publishing. The issue affects the Web UI where arbitrary JavaScript could be embedded, potentially leading to credentials disclosure within a trusted session. The problem is associat...

CVSS 5.4 | AI score 5.4 | EPSS 0.00495

added 2016/11/24 7:41 p.m. | 66 views

CVE-2016-0273

The CVE-2016-0273 entry applies to IBM Jazz-based CLM suite (and related products: RQM, RTC, RDNG, RELM, Rhapsody DM, RSA DM, etc.) with a cross-site scripting vulnerability exploitable by remote authenticated users via a specially crafted URL to inject arbitrary web script/HTML. The root cause i...

CVSS 5.4 | AI score 5.1 | EPSS 0.00615

added 2019/06/27 1:45 p.m. | 66 views

CVE-2018-1758

CVE-2018-1758 affects IBM Rational CLM 6.0–6.0.6.1 across CLM components (CLM, RQM, RTC, DOORS Next Gen, Rhapsody/RA DM, and related). The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to inject JavaScript, potentially leading to credential disclosure wit...

CVSS 5.4 | AI score 5.5 | EPSS 0.00597

added 2020/09/02 6:25 p.m. | 65 views

CVE-2020-4445

CVE-2020-4445 affects IBM Jazz Team Server based applications with a cross-site scripting vulnerability in the Web UI. The issue enables embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. The vulnerability is identified across mult...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561

added 2021/06/02 8:40 p.m. | 65 views

CVE-2020-4732

CVE-2020-4732 is described in connected sources as an authorization-related information disclosure affecting IBM Engineering Test Management (ETM) and related IBM Jazz/Engineering products. The vulnerability allows an authenticated user to obtain sensitive information due to lack of security rest...

CVSS 6.5 | AI score 6.5 | EPSS 0.00801

added 2021/06/02 8:40 p.m. | 65 views

CVE-2020-5030

CVE-2020-5030 is an XSS vulnerability in IBM Engineering Test Management (and IBM Jazz/Engineering platforms) affecting versions 7.0.0 and 7.0.1. The flaw allows an attacker to inject arbitrary JavaScript into the Web UI, potentially exposing credentials within a trusted session. The issue is doc...

CVSS 5.4 | AI score 5.5 | EPSS 0.00495

added 2021/07/19 4:0 p.m. | 65 views

CVE-2021-20507

The CVE-2021-20507 entry affects IBM Jazz Foundation and IBM Engineering products, where a cross-site scripting flaw allows embedding arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. The vulnerability centers on Web UI script execution enabled by the ...

CVSS 5.4 | AI score 5.3 | EPSS 0.00495

added 2018/07/06 2:0 p.m. | 64 views

CVE-2017-1237

CVE-2017-1237 concerns a cross-site scripting vulnerability in IBM Jazz-based applications. The issue affects IBM Jazz Team Server and CLM-related products (CLM, RDNG, RELM, RTC, RQM, Rhapsody Design Manager, RSA Design Manager) across multiple versions (notably 5.0.x to 6.0.x). The underlying ri...

CVSS 5.4 | AI score 5.2 | EPSS 0.0066

added 2017/12/11 9:0 p.m. | 64 views

CVE-2017-1507

CVE-2017-1507 corresponds to an information-disclosure vulnerability in IBM Jazz Foundation/CLM stack (e.g., Rational CLM, RTC, RQM, DOORS Next Gen, etc.) where a scan could leak sensitive data. Affected versions include Rational CLM/RCS/RTC/RQM families from 4.0 up to 6.0.4, with remediation via...

CVSS 4.3 | AI score 4.1 | EPSS 0.00739

added 2018/07/06 2:0 p.m. | 64 views

CVE-2017-1509

CVE-2017-1509 concerns IBM Jazz Foundation products. An authenticated user could obtain sensitive information from a stack trace, which could aid future attacks (information disclosure). The CVE is discussed across multiple sources including NVD and IBM’s Security Bulletin on Jazz-based products,...

CVSS 4.3 | AI score 4.3 | EPSS 0.00976

added 2019/06/27 1:45 p.m. | 64 views

CVE-2019-4083

CVE-2019-4083 affects IBM Jazz Foundation products (Rational CLM suite: CLM, RQM, RTC, DOORS, etc.) with cross-site scripting in the Web UI. Affected versions are 6.0–6.0.6.1. The root cause is an XSS vulnerability that could allow an attacker to inject arbitrary JavaScript, potentially leading t...

CVSS 5.4 | AI score 5.4 | EPSS 0.00679

added 2021/03/30 4:45 p.m. | 64 views

CVE-2021-20518

The CVE-2021-20518 issue affects IBM Jazz Foundation products (EWM, RTC, RELM, ENI, and IBM Engineering Requirements Quality Assistant On-Premises). It is described as a cross-site scripting vulnerability allowing an attacker to embed arbitrary JavaScript in the Web UI, with potential credential ...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

added 2021/10/27 4:0 p.m. | 64 views

CVE-2021-29713

CVE-2021-29713 affects IBM Jazz Team Server and related IBM Engineering Lifecycle Management components. The vulnerability is a cross-site scripting (XSS) flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted s...

CVSS 5.4 | AI score 5.5 | EPSS 0.0048

added 2016/01/02 9:0 p.m. | 63 views

CVE-2015-1928

CVE-2015-1928 affects IBM Jazz-based CLM ecosystem (Jazz Team Server and multiple CLM apps such as RRC, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM, etc.). The connected IBM bulletin confirms a remote attacker can exploit via a crafted website to hijack the victim’s click actions (clickjacking). Af...

CVSS 6.8 | AI score 6.1 | EPSS 0.01202

added 2018/07/06 2:0 p.m. | 63 views

CVE-2017-1559

CVE-2017-1559 affects IBM Jazz-based Rational CLM/RQM/RRTC etc. products; the issue allows disclosure of sensitive information when an attacker intercepts vulnerable requests. The IBM bulletin lists impacted products (CLM 5.0–6.0.5, RQM, RTC, RDNG, RELM, RSA DM, Rhapsody DM, etc.) and provides re...

CVSS 4.3 | AI score 5.6 | EPSS 0.00897

added 2016/01/03 2:0 a.m. | 62 views

CVE-2015-4962

CVE-2015-4962 affects IBM Jazz-based CLM ecosystem (including CLM, RTC, RQM, RRC, RDNG, RELM, Rhapsody DM, RSA DM, etc.). The root cause is weak permissions on unspecified project areas, allowing remote authenticated users to obtain sensitive information via unknown vectors. Impact is information...

CVSS 3.5 | AI score 3.5 | EPSS 0.00454

added 2018/03/15 10:0 p.m. | 62 views

CVE-2015-7453

CVE-2015-7453: IBM Jazz/CLM family (including CLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) are vulnerable to cross-site scripting via remote crafted URLs. Affects CLM products 3.0.1–6.0.1, RQM 3.0.x–6.0.1, RTC 3.0.x–6.0.1, RRC 3.0.x–4.0.x, RDNG 4.0–6.0.1, RELM 4.0.x–6.0.1, Rhapsody DM 4....

CVSS 6.1 | AI score 5.7 | EPSS 0.0087

added 2017/12/27 4:0 p.m. | 62 views

CVE-2017-1365

IBM Team Concert (RTC) and IBM Rational CLM are affected by a cross-site scripting vulnerability in the Web UI that can allow an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. The CVE entry covers IBM Rational CLM/RRC components including CL...

CVSS 5.4 | AI score 5.2 | EPSS 0.0054

added 2021/03/30 4:45 p.m. | 62 views

CVE-2021-20520

CVE-2021-20520 is an IBM Jazz Foundation cross-site scripting (XSS) vulnerability affecting IBM Jazz Team Server based applications. The issue allows an attacker to inject arbitrary JavaScript into the Web UI, potentially exposing credentials within a trusted session. Affected products/versions i...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

added 2021/10/27 4:0 p.m. | 62 views

CVE-2021-29774

Summary: CVE-2021-29774 affects IBM Jazz Team Server family (including CLM, ELM, DOORS Next, RTC, EWM, Rhapsody) where an authenticated user could obtain elevated privileges under certain configurations. The root cause is insufficient validation of user privileges, enabling privilege escalation w...

CVSS 7.5 | AI score 7.5 | EPSS 0.0095

added 2018/03/15 10:0 p.m. | 61 views

CVE-2015-7440

CVE-2015-7440 affects IBM Jazz-based CLM/RQM/RTC/etc. A local privilege-escalation vulnerability exists across multiple CLM family products (CLM 3.0.1.x up to 6.x; RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) that could allow a local user to gain privileges via unspecified vectors. Connected I...

CVSS 7.8 | AI score 7.3 | EPSS 0.00319

added 2018/10/02 3:0 p.m. | 61 views

CVE-2018-1558

CVE-2018-1558 describes cross-site scripting in IBM Rational CLM and related Jazz-based products. Affected products include CLM, RDNG, RELM, RTC, RQM, Rhapsody DM, and RSA DM across 5.x and 6.x (up to 6.0.6). The vulnerability arises from a Web UI XSS flaw that can lead to credential disclosure w...

CVSS 5.4 | AI score 5.1 | EPSS 0.0066

added 2019/06/27 1:45 p.m. | 61 views

CVE-2018-1760

Affected software: IBM Rational CLM suite (including CLM, RQM, RTC, DOORS Next Gen, RSM, RSA DM) running 6.0 – 6.0.6.1. Vulnerability: Cross-site scripting in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Root cause ...

CVSS 5.4 | AI score 5.4 | EPSS 0.00597

added 2021/01/27 4:15 p.m. | 61 views

CVE-2021-20357

CVE-2021-20357 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and, in a trusted session, potentially disclose credentials. Connected sources corroborate a Web UI XSS across multiple IBM Jazz/F...

CVSS 5.4 | AI score 5.2 | EPSS 0.00665

added 2016/11/24 7:41 p.m. | 60 views

CVE-2016-0284

The CVE-2016-0284 entry relates to an XML External Entity (XXE) vulnerability in the XML parser used by IBM Jazz-based CLM products. Affected products include Rational Collaborative Lifecycle Management (across 3.0.1.6 up to 6.0.2), Rational Quality Manager, Rational Team Concert, Rational DOORS ...

CVSS 5.5 | AI score 5.5 | EPSS 0.00944

added 2018/09/25 4:0 p.m. | 60 views

CVE-2018-1560

IBM Rational Engineering Lifecycle Manager is affected by CVE-2018-1560: a cross-site scripting vulnerability in the Web UI that can lead to credentials disclosure within a trusted session. Affected versions are 5.0–5.02 and 6.0–6.0.6. Remediation per IBM bulletin: upgrade to 6.0.6 IFIX02 or late...

CVSS 5.4 | AI score 5.3 | EPSS 0.0066

added 2019/06/27 1:45 p.m. | 60 views

CVE-2019-4084

IBM Jazz Foundation (CLM) vulnerability CVE-2019-4084 affects Rational CLM products version 6.0 to 6.0.6.1. An authenticated user could obtain sensitive information from CLM Applications, as described in multiple sources (NVD/NVD-derived entries, CNVD, and IBM bulletin). The issue is categorized ...

CVSS 4.3 | AI score 4.7 | EPSS 0.01003

added 2020/09/02 6:25 p.m. | 60 views

CVE-2020-4522

IBM Jazz Team Server based Applications are affected by a cross-site scripting vulnerability (CVE-2020-4522) in the Web UI, potentially enabling an attacker to inject arbitrary JavaScript and cause credentials disclosure within a trusted session. Affected products include IBM Engineering DOORS Ne...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561

added 2021/03/30 4:45 p.m. | 60 views

CVE-2021-20352

Summary (CVE-2021-20352): IBM Jazz Foundation products are vulnerable to cross-site scripting that can let an attacker embed arbitrary JavaScript in the Web UI, potentially disclosing credentials within a trusted session. The vulnerability affects multiple IBM Jazz-related products/versions, inc...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

added 2021/03/30 4:45 p.m. | 60 views

CVE-2021-20504

CVE-2021-20504 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. Affected products/versions include IBM Engineering Workflow Management (EWM) 7.0, 7.0.1, 7.0.2; IBM Engineering Lifecycle Opt...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

Total number of security vulnerabilities: 141