Lucene search
+L
IbmRational Focal Point

9 matches found

cve
cve
added 2013/12/18 11:0 a.m.125 views

CVE-2013-5398

CVE-2013-5398 is an information-disclosure vulnerability in IBM Rational Focal Point’s Webservice Axis Gateway. It arises from input validation of the file variable in the RequestAccessController servlet, enabling a remote, unauthenticated attacker to read configuration files of the Webservice Ax...

3.3CVSS6.1AI score0.0059EPSS
cve
cve
added 2013/12/18 11:0 a.m.122 views

CVE-2013-5397

CVE-2013-5397 covers an information-disclosure vulnerability in IBM Rational Focal Point’s Webservice Axis Gateway. The issue affects multiple versions (6.4 to 6.6.x with various devfix exclusions) and is described as allowing remote attackers to bypass access restrictions and obtain sensitive in...

3.3CVSS6.1AI score0.0059EPSS
cve
cve
added 2014/02/25 9:0 p.m.43 views

CVE-2014-0842

The CVE-2014-0842 vulnerability affects IBM Rational Focal Point 6.4.x and 6.5.x prior to 6.5.2.3, and 6.6.x prior to 6.6.1. The account-creation page places the new user’s default password in the HTML source, allowing remote attackers to read sensitive credentials via page source inspection. Imp...

5CVSS6.2AI score0.01173EPSS
cve
cve
added 2014/02/25 9:0 p.m.43 views

CVE-2014-0843

CVE-2014-0843 affects IBM Rational Focal Point 6.x (specifically 6.4.x and 6.5.x before 6.5.2.3; 6.6.x before 6.6.1). The vulnerability is an XSS via remote authenticated users who upload a file, leveraging insufficient input validation and file-upload handling to inject arbitrary web script/HTML...

3.5CVSS5.2AI score0.01088EPSS
cve
cve
added 2014/02/25 9:0 p.m.42 views

CVE-2014-0839

CVE-2014-0839 affects IBM Rational Focal Point 6.x (specifically 6.4.x and 6.5.x before 6.5.2.3, and 6.6.x before 6.6.1). The issue is a direct object reference that allows remote authenticated users to modify data via targeted vectors. Impact is data modification; no exploitation details are pro...

4CVSS6.1AI score0.00842EPSS
cve
cve
added 2018/04/27 4:0 p.m.41 views

CVE-2014-0841

The CVE affects IBM Rational Focal Point versions 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0, which use a weak password-hashing algorithm. Root cause: weak hash/cryptographic approach facilitates brute-force attacks. Impact: context-dependent attackers could obtain plaintext passwords. No remediation ...

5.3CVSS5AI score0.00229EPSS
cve
cve
added 2013/10/17 12:0 a.m.40 views

CVE-2013-3025

CVE-2013-3025 affects IBM Rational Focal Point 6.5.x and 6.6.x prior to 6.6.0.1, with multiple reflected XSS vulnerabilities that allow remote attackers to inject arbitrary scripts via unspecified vectors. The issue is described across NVD and related records; the underlying impact is partial int...

4.3CVSS5.7AI score0.00931EPSS
cve
cve
added 2014/02/25 9:0 p.m.40 views

CVE-2014-0840

IBM Rational Focal Point 6.4.x/6.5.x (before 6.5.2.3) and 6.6.x (before 6.6.1) are affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote authenticated users to inject arbitrary scripts/HTML via unspecified vectors. The root cause is not fully detailed here, but exploit...

3.5CVSS5.3AI score0.01088EPSS
cve
cve
added 2014/02/25 9:0 p.m.36 views

CVE-2014-0853

The CVE-2014-0853 issue affects IBM Rational Focal Point 6.4.x and 6.5.x prior to 6.5.2.3, and 6.6.x prior to 6.6.1. The vulnerability involves multiple cross-site scripting (XSS) flaws in the ForwardController and AttributeEditor scripts, allowing remote authenticated users to inject arbitrary w...

3.5CVSS5.2AI score0.00936EPSS