Rational Quality Manager Security Vulnerabilities and Issues — Rational Quality Manager CVE List

Lucene search

IbmRational Quality Manager

202 matches found

CVE•added 2010/10/26 6:0 p.m.•106 views

CVE-2010-4094

The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.

5CVSS7.4AI score0.88795EPSS

CVE•added 2021/01/08 9:15 p.m.•72 views

CVE-2020-4697

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.

5.4CVSS5.1AI score0.00236EPSS

CVE•added 2017/06/13 7:29 p.m.•70 views

CVE-2017-1099

IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.

4.3CVSS4.9AI score0.35506EPSS

CVE•added 2021/01/08 9:15 p.m.•68 views

CVE-2020-4544

IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.

4.3CVSS4.4AI score0.00112EPSS

CVE•added 2021/01/08 9:15 p.m.•67 views

CVE-2020-4487

4.3CVSS4.4AI score0.00112EPSS

CVE•added 2021/01/08 9:15 p.m.•66 views

CVE-2020-4733

5.4CVSS5.1AI score0.00179EPSS

CVE•added 2021/06/02 9:15 p.m.•63 views

CVE-2021-20346

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.

5.5CVSS6AI score0.00148EPSS

CVE•added 2021/01/08 9:15 p.m.•61 views

CVE-2020-4691

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698.

5.4CVSS5.1AI score0.00236EPSS

CVE•added 2021/06/02 9:15 p.m.•60 views

CVE-2020-4495

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrar...

9CVSS8.7AI score0.0151EPSS

CVE•added 2021/06/02 9:15 p.m.•60 views

CVE-2021-20338

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS5.5AI score0.00187EPSS

CVE•added 2021/06/02 9:15 p.m.•60 views

CVE-2021-20343

5.5CVSS6AI score0.0009EPSS

CVE•added 2021/06/02 9:15 p.m.•58 views

CVE-2021-20345

5.5CVSS6AI score0.00099EPSS

CVE•added 2017/11/27 9:29 p.m.•57 views

CVE-2016-6024

IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.

4.3CVSS5.1AI score0.0013EPSS

CVE•added 2021/06/02 9:15 p.m.•57 views

CVE-2021-20347

5.5CVSS6AI score0.00099EPSS

CVE•added 2021/06/02 9:15 p.m.•57 views

CVE-2021-20371

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.

6.5CVSS6.5AI score0.00141EPSS

CVE•added 2021/06/02 9:15 p.m.•56 views

CVE-2021-29670

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2021/06/02 9:15 p.m.•55 views

CVE-2021-29668

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2016/11/24 7:59 p.m.•54 views

CVE-2016-0273

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 be...

5.4CVSS5.1AI score0.00168EPSS

CVE•added 2021/06/02 9:15 p.m.•54 views

CVE-2021-20348

5.5CVSS6.1AI score0.0009EPSS

CVE•added 2019/06/27 2:15 p.m.•53 views

CVE-2019-4083

IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc...

5.4CVSS5.4AI score0.00277EPSS

CVE•added 2021/06/02 9:15 p.m.•53 views

CVE-2020-4977

IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-F...

5.4CVSS5.4AI score0.00187EPSS

CVE•added 2018/10/02 3:29 p.m.•52 views

CVE-2018-1404

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ...

5.4CVSS5.4AI score0.00158EPSS

CVE•added 2019/06/27 2:15 p.m.•52 views

CVE-2018-1827

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score0.00208EPSS

CVE•added 2021/06/02 9:15 p.m.•52 views

CVE-2020-4732

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.

6.5CVSS6.5AI score0.00211EPSS

CVE•added 2021/06/02 9:15 p.m.•52 views

CVE-2020-5030

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2018/07/03 7:29 p.m.•51 views

CVE-2017-1717

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lead...

5.4CVSS5.4AI score0.00182EPSS

CVE•added 2022/08/29 9:15 p.m.•51 views

CVE-2021-38934

IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ...

5.4CVSS5.2AI score0.00171EPSS

CVE•added 2018/07/06 2:29 p.m.•50 views

CVE-2017-1237

IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.

5.4CVSS5.2AI score0.00182EPSS

CVE•added 2019/06/27 2:15 p.m.•50 views

CVE-2018-1758

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2016/01/02 9:59 p.m.•49 views

CVE-2015-1928

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; R...

6.8CVSS6.1AI score0.00303EPSS

CVE•added 2018/07/03 7:29 p.m.•49 views

CVE-2017-1312

5.4CVSS5.4AI score0.00175EPSS

CVE•added 2017/12/27 4:29 p.m.•49 views

CVE-2017-1365

IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...

5.4CVSS5.2AI score0.00198EPSS

CVE•added 2017/12/11 9:29 p.m.•49 views

CVE-2017-1507

IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.

4.3CVSS4.1AI score0.0013EPSS

CVE•added 2018/07/06 2:29 p.m.•49 views

CVE-2017-1509

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.

4.3CVSS4.3AI score0.00137EPSS

CVE•added 2016/01/03 5:59 a.m.•48 views

CVE-2015-4962

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Te...

3.5CVSS3.5AI score0.00073EPSS

CVE•added 2017/02/01 8:59 p.m.•48 views

CVE-2016-2987

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.

4.3CVSS4.8AI score0.00179EPSS

CVE•added 2019/06/27 2:15 p.m.•48 views

CVE-2019-4084

IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384.

4.3CVSS4.7AI score0.00272EPSS

CVE•added 2020/09/02 7:15 p.m.•48 views

CVE-2020-4522

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.

5.4CVSS5.2AI score0.00236EPSS

CVE•added 2016/01/03 5:59 a.m.•47 views

CVE-2015-4946

Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x...

3.3CVSS3.8AI score0.00054EPSS

CVE•added 2018/03/15 10:29 p.m.•47 views

CVE-2015-7453

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4....

6.1CVSS5.7AI score0.00187EPSS

CVE•added 2016/11/24 7:59 p.m.•47 views

CVE-2016-0284

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational...

5.5CVSS5.5AI score0.00334EPSS

CVE•added 2017/06/13 7:29 p.m.•47 views

CVE-2016-9973

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.

5.4CVSS5.2AI score0.00255EPSS

CVE•added 2017/11/27 9:29 p.m.•47 views

CVE-2017-1240

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.

4.3CVSS4.2AI score0.00177EPSS

CVE•added 2018/07/03 7:29 p.m.•47 views

CVE-2017-1277

5.4CVSS5.4AI score0.00182EPSS

CVE•added 2018/07/06 2:29 p.m.•47 views

CVE-2017-1559

Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.

4.3CVSS5.6AI score0.00179EPSS

CVE•added 2016/11/24 7:59 p.m.•46 views

CVE-2016-0372

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0....

4.3CVSS4.5AI score0.00263EPSS

CVE•added 2016/11/30 11:59 a.m.•46 views

CVE-2016-3014

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, R...

5.4CVSS4.9AI score0.00684EPSS

CVE•added 2017/11/27 9:29 p.m.•46 views

CVE-2017-1251

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.

4.3CVSS4.4AI score0.0013EPSS

CVE•added 2018/07/03 7:29 p.m.•46 views

CVE-2017-1299

5.4CVSS5.4AI score0.002EPSS

CVE•added 2017/11/27 9:29 p.m.•46 views

CVE-2017-1570

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.

4.3CVSS4.1AI score0.00178EPSS

Total number of security vulnerabilities202