Rational Quality Manager Security Vulnerabilities and Issues — Page 2 of Rational Quality Manager CVE List

Lucene search

IbmRational Quality Manager

202 matches found

CVE•added 2018/03/23 7:29 p.m.•46 views

CVE-2017-1629

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...

5.4CVSS5.2AI score0.00216EPSS

CVE•added 2018/04/24 2:29 p.m.•46 views

CVE-2017-1700

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody...

6.5CVSS6.2AI score0.00269EPSS

CVE•added 2018/04/24 2:29 p.m.•46 views

CVE-2017-1725

4.3CVSS4.7AI score0.00252EPSS

CVE•added 2021/03/04 7:15 p.m.•46 views

CVE-2021-20351

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.

5.4CVSS5.3AI score0.00208EPSS

CVE•added 2014/09/12 1:55 a.m.•45 views

CVE-2014-3092

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for r...

5CVSS6.2AI score0.00225EPSS

CVE•added 2017/03/31 6:59 p.m.•45 views

CVE-2016-9707

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.

8.1CVSS8.1AI score0.00359EPSS

CVE•added 2017/06/13 7:29 p.m.•45 views

CVE-2017-1101

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662...

5.4CVSS5.2AI score0.00272EPSS

CVE•added 2018/07/03 7:29 p.m.•45 views

CVE-2017-1592

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lead...

5.4CVSS5.4AI score0.00162EPSS

CVE•added 2019/06/27 2:15 p.m.•45 views

CVE-2019-4249

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score0.00208EPSS

CVE•added 2019/06/27 2:15 p.m.•45 views

CVE-2019-4250

IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc...

5.4CVSS5.4AI score0.00208EPSS

CVE•added 2021/01/27 5:15 p.m.•45 views

CVE-2021-20357

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.

5.4CVSS5.2AI score0.00158EPSS

CVE•added 2018/07/03 7:29 p.m.•44 views

CVE-2017-1316

5.4CVSS5.4AI score0.00175EPSS

CVE•added 2018/07/06 2:29 p.m.•44 views

CVE-2017-1488

An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.

5.3CVSS4.9AI score0.00187EPSS

CVE•added 2018/07/03 7:29 p.m.•44 views

CVE-2017-1608

5.4CVSS5.4AI score0.00175EPSS

CVE•added 2019/06/27 2:15 p.m.•44 views

CVE-2018-1734

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838.

4.3CVSS4.7AI score0.00156EPSS

CVE•added 2019/06/27 2:15 p.m.•44 views

CVE-2018-1760

5.4CVSS5.4AI score0.00208EPSS

CVE•added 2019/06/27 2:15 p.m.•44 views

CVE-2018-1826

5.4CVSS5.4AI score0.00208EPSS

CVE•added 2019/03/14 11:0 p.m.•44 views

CVE-2018-1952

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...

5.4CVSS5.1AI score0.00229EPSS

CVE•added 2019/06/27 2:15 p.m.•44 views

CVE-2019-4252

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.

7.5CVSS7.2AI score0.00612EPSS

CVE•added 2020/09/02 7:15 p.m.•44 views

CVE-2020-4445

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.

5.4CVSS5.2AI score0.00236EPSS

CVE•added 2018/01/16 7:29 p.m.•43 views

CVE-2016-0219

XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693.

6.5CVSS5.9AI score0.00395EPSS

CVE•added 2016/11/25 3:59 a.m.•43 views

CVE-2016-2947

IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18...

4CVSS3.2AI score0.00178EPSS

CVE•added 2017/06/13 7:29 p.m.•43 views

CVE-2017-1104

5.4CVSS5.2AI score0.00272EPSS

CVE•added 2017/12/27 4:29 p.m.•43 views

CVE-2017-1191

An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.

4.3CVSS4.6AI score0.0013EPSS

CVE•added 2018/07/03 7:29 p.m.•43 views

CVE-2017-1293

5.4CVSS5.4AI score0.00182EPSS

CVE•added 2018/07/03 7:29 p.m.•43 views

CVE-2017-1313

5.4CVSS5.4AI score0.00175EPSS

CVE•added 2019/03/14 10:29 p.m.•43 views

CVE-2018-1688

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

5.4CVSS5.1AI score0.00229EPSS

CVE•added 2021/03/04 7:15 p.m.•43 views

CVE-2020-4857

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460.

6.4CVSS5.4AI score0.00174EPSS

CVE•added 2018/03/15 10:29 p.m.•42 views

CVE-2015-7440

IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 ...

7.8CVSS7.3AI score0.00049EPSS

CVE•added 2017/06/13 7:29 p.m.•42 views

CVE-2017-1100

5.4CVSS5.2AI score0.00272EPSS

CVE•added 2017/05/10 2:29 p.m.•42 views

CVE-2017-1103

IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665.

8.1CVSS8AI score0.00378EPSS

CVE•added 2018/07/03 7:29 p.m.•42 views

CVE-2017-1562

5.4CVSS5.4AI score0.00175EPSS

CVE•added 2018/01/26 9:29 p.m.•42 views

CVE-2017-1653

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.1AI score0.00574EPSS

CVE•added 2018/08/20 9:29 p.m.•42 views

CVE-2017-1753

Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.

5.4CVSS5.5AI score0.00078EPSS

CVE•added 2018/08/20 9:29 p.m.•42 views

CVE-2018-1394

Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.

5.4CVSS5.2AI score0.00105EPSS

CVE•added 2018/10/02 3:29 p.m.•42 views

CVE-2018-1558

IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

5.4CVSS5.1AI score0.00158EPSS

CVE•added 2017/03/31 6:59 p.m.•41 views

CVE-2016-6031

IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2...

5.4CVSS5.7AI score0.00227EPSS

CVE•added 2018/03/23 7:29 p.m.•41 views

CVE-2017-1524

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970.

4.3CVSS4.3AI score0.00264EPSS

CVE•added 2018/07/03 7:29 p.m.•41 views

CVE-2017-1565

5.4CVSS5.4AI score0.00175EPSS

CVE•added 2018/03/23 7:29 p.m.•41 views

CVE-2017-1602

IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625.

4.3CVSS4.5AI score0.00165EPSS

CVE•added 2018/07/03 7:29 p.m.•41 views

CVE-2017-1652

5.4CVSS5.4AI score0.00162EPSS

CVE•added 2018/03/23 7:29 p.m.•41 views

CVE-2017-1655

5.4CVSS5.2AI score0.00216EPSS

CVE•added 2018/11/06 4:29 p.m.•41 views

CVE-2018-1694

IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5...

5.9CVSS5.4AI score0.00266EPSS

CVE•added 2019/06/27 2:15 p.m.•41 views

CVE-2018-1893

5.4CVSS5.4AI score0.00208EPSS

CVE•added 2021/03/04 7:15 p.m.•41 views

CVE-2020-4866

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2021/03/04 7:15 p.m.•41 views

CVE-2021-20340

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2021/04/12 6:15 p.m.•41 views

CVE-2021-20519

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.

5.4CVSS5.6AI score0.00157EPSS

CVE•added 2016/11/25 3:59 a.m.•40 views

CVE-2016-2986

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Ma...

5.4CVSS4.9AI score0.00168EPSS

CVE•added 2018/07/03 7:29 p.m.•40 views

CVE-2017-1294

5.4CVSS5.4AI score0.00162EPSS

CVE•added 2018/07/03 7:29 p.m.•40 views

CVE-2017-1306

5.4CVSS5.4AI score0.00182EPSS

Total number of security vulnerabilities202