9 matches found
CVE-2013-5398
CVE-2013-5398 is an information-disclosure vulnerability in IBM Rational Focal Point’s Webservice Axis Gateway. It arises from input validation of the file variable in the RequestAccessController servlet, enabling a remote, unauthenticated attacker to read configuration files of the Webservice Ax...
CVE-2013-5397
CVE-2013-5397 covers an information-disclosure vulnerability in IBM Rational Focal Point’s Webservice Axis Gateway. The issue affects multiple versions (6.4 to 6.6.x with various devfix exclusions) and is described as allowing remote attackers to bypass access restrictions and obtain sensitive in...
CVE-2014-0842
The CVE-2014-0842 vulnerability affects IBM Rational Focal Point 6.4.x and 6.5.x prior to 6.5.2.3, and 6.6.x prior to 6.6.1. The account-creation page places the new user’s default password in the HTML source, allowing remote attackers to read sensitive credentials via page source inspection. Imp...
CVE-2014-0843
CVE-2014-0843 affects IBM Rational Focal Point 6.x (specifically 6.4.x and 6.5.x before 6.5.2.3; 6.6.x before 6.6.1). The vulnerability is an XSS via remote authenticated users who upload a file, leveraging insufficient input validation and file-upload handling to inject arbitrary web script/HTML...
CVE-2014-0839
CVE-2014-0839 affects IBM Rational Focal Point 6.x (specifically 6.4.x and 6.5.x before 6.5.2.3, and 6.6.x before 6.6.1). The issue is a direct object reference that allows remote authenticated users to modify data via targeted vectors. Impact is data modification; no exploitation details are pro...
CVE-2014-0841
The CVE affects IBM Rational Focal Point versions 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0, which use a weak password-hashing algorithm. Root cause: weak hash/cryptographic approach facilitates brute-force attacks. Impact: context-dependent attackers could obtain plaintext passwords. No remediation ...
CVE-2013-3025
CVE-2013-3025 affects IBM Rational Focal Point 6.5.x and 6.6.x prior to 6.6.0.1, with multiple reflected XSS vulnerabilities that allow remote attackers to inject arbitrary scripts via unspecified vectors. The issue is described across NVD and related records; the underlying impact is partial int...
CVE-2014-0840
IBM Rational Focal Point 6.4.x/6.5.x (before 6.5.2.3) and 6.6.x (before 6.6.1) are affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote authenticated users to inject arbitrary scripts/HTML via unspecified vectors. The root cause is not fully detailed here, but exploit...
CVE-2014-0853
The CVE-2014-0853 issue affects IBM Rational Focal Point 6.4.x and 6.5.x prior to 6.5.2.3, and 6.6.x prior to 6.6.1. The vulnerability involves multiple cross-site scripting (XSS) flaws in the ForwardController and AttributeEditor scripts, allowing remote authenticated users to inject arbitrary w...