Rational Engineering Lifecycle Manager@* Security Vulnerabilities and Issues — Page 2 of Rational Engineering Lifecycle Manager@* CVE List

Lucene search

IbmRational Engineering Lifecycle Manager*

58 matches found

CVE•added 2018/01/16 7:29 p.m.•34 views

CVE-2015-7484

IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. IBM X-Force ID: 108619.

4.3CVSS4.4AI score0.00119EPSS

CVE•added 2018/09/25 4:0 p.m.•34 views

CVE-2018-1539

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.

6.5CVSS6.5AI score0.00123EPSS

CVE•added 2018/01/16 7:29 p.m.•33 views

CVE-2015-7474

Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecifi...

5.4CVSS5.2AI score0.00148EPSS

CVE•added 2018/01/16 7:29 p.m.•33 views

CVE-2015-7486

Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-F...

5.4CVSS5.2AI score0.00129EPSS

CVE•added 2019/03/14 11:0 p.m.•32 views

CVE-2018-1914

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X...

5.4CVSS5.1AI score0.00251EPSS

CVE•added 2018/09/25 4:0 p.m.•31 views

CVE-2018-1588

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resour...

7.1CVSS6.8AI score0.00359EPSS

CVE•added 2018/11/02 3:29 p.m.•31 views

CVE-2018-1846

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:...

7.1CVSS6.8AI score0.00351EPSS

CVE•added 2019/03/14 11:0 p.m.•31 views

CVE-2018-1929

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120.

4.3CVSS4.3AI score0.00224EPSS

Total number of security vulnerabilities58