Rational Quality Manager@5.0.1 Security Vulnerabilities and Issues — Page 2 of Rational Quality Manager@5.0.1 CVE List

CVE-2017-1280

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lead...

5.4CVSS5.4AI score0.00162EPSS

CVE-2017-1281

5.4CVSS5.4AI score0.00162EPSS

CVE-2017-1568

CVE-2017-1621

CVE-2017-1690

CVE•added 2018/07/10 4:29 p.m.•39 views

CVE-2017-1791

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

CVE•added 2018/07/10 4:29 p.m.•39 views

CVE-2018-1423

IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.

6.5CVSS6.1AI score0.00186EPSS

CVE•added 2018/07/10 4:29 p.m.•39 views

CVE-2018-1492

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.

6.8CVSS6.3AI score0.00051EPSS

CVE•added 2015/04/27 11:59 a.m.•38 views

CVE-2015-0113

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generatio...

5CVSS6.7AI score0.00225EPSS

CVE•added 2017/03/31 6:59 p.m.•38 views

CVE-2016-6036

IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Referenc...

5.4CVSS5.7AI score0.00227EPSS

CVE•added 2018/07/03 7:29 p.m.•38 views

CVE-2017-1651

CVE•added 2018/07/03 7:29 p.m.•38 views

CVE-2017-1691

CVE•added 2016/01/03 12:59 a.m.•37 views

CVE-2015-1971

Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational ...

4.3CVSS4.5AI score0.00249EPSS

CVE•added 2016/10/22 3:59 a.m.•37 views

CVE-2016-0326

IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."

8.8CVSS8.5AI score0.00894EPSS

CVE•added 2016/11/24 7:59 p.m.•37 views

CVE-2016-2864

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 be...

5.4CVSS5.1AI score0.00168EPSS

CVE•added 2017/05/10 2:29 p.m.•37 views

CVE-2016-6037

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting...

4.8CVSS5.8AI score0.00152EPSS

CVE•added 2018/07/03 7:29 p.m.•37 views

CVE-2017-1561

CVE•added 2018/07/03 7:29 p.m.•37 views

CVE-2017-1564

5.4CVSS5.2AI score0.00175EPSS

CVE•added 2018/07/03 7:29 p.m.•37 views

CVE-2017-1715

CVE•added 2018/07/10 4:29 p.m.•37 views

CVE-2017-1738

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 contains an undisclosed vulnerability that would allow an authenticated user to obtain elevated privileges. IBM X-Force ID: 134919.

6.3CVSS5.2AI score0.00121EPSS

CVE•added 2015/03/13 1:59 a.m.•36 views

CVE-2014-6144

Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00166EPSS

CVE•added 2018/07/03 7:29 p.m.•36 views

CVE-2017-1275

CVE•added 2018/07/03 7:29 p.m.•36 views

CVE-2017-1314

CVE•added 2018/07/10 4:29 p.m.•36 views

CVE-2018-1549

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attack...

5.4CVSS5.3AI score0.00109EPSS

CVE•added 2015/03/18 10:59 a.m.•35 views

CVE-2014-6131

IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x bef...

4CVSS6.2AI score0.00158EPSS

CVE•added 2015/03/18 10:59 a.m.•35 views

CVE-2015-0128

Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0124.

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2015/07/20 1:59 a.m.•35 views

CVE-2015-0130

Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x befor...

3.5CVSS5.2AI score0.00166EPSS

CVE•added 2018/03/20 9:29 p.m.•35 views

CVE-2015-7449

IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Ration...

3.3CVSS3.5AI score0.00018EPSS

CVE•added 2019/03/14 10:29 p.m.•35 views

CVE-2018-1759

IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148...

CVE•added 2015/03/18 10:59 a.m.•34 views

CVE-2014-6129

5.5CVSS6.3AI score0.00348EPSS

CVE•added 2015/03/18 10:59 a.m.•34 views

CVE-2015-0124

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2018/07/10 4:29 p.m.•34 views

CVE-2018-1396

5.4CVSS5.2AI score0.0018EPSS

CVE•added 2019/03/14 10:29 p.m.•34 views

CVE-2018-1823

CVE•added 2016/11/25 8:59 p.m.•33 views

CVE-2016-2926

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 ...

5.4CVSS4.9AI score0.00541EPSS

CVE•added 2018/07/03 7:29 p.m.•33 views

CVE-2017-1250

5.4CVSS5.5AI score0.00182EPSS

CVE•added 2018/07/03 7:29 p.m.•33 views

CVE-2017-1315

CVE•added 2018/07/10 4:29 p.m.•33 views

CVE-2017-1729

CVE•added 2019/03/14 10:29 p.m.•33 views

CVE-2018-1763

CVE•added 2019/03/14 10:29 p.m.•33 views

CVE-2018-1829

CVE•added 2017/07/05 6:29 p.m.•32 views

CVE-2016-9700

IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.

4.3CVSS4.1AI score0.00177EPSS

CVE•added 2018/07/03 7:29 p.m.•32 views

CVE-2017-1317

CVE•added 2019/03/14 10:29 p.m.•32 views

CVE-2018-1764

CVE•added 2019/03/14 10:29 p.m.•32 views

CVE-2018-1825

CVE•added 2018/07/10 4:29 p.m.•31 views

CVE-2017-1792

CVE•added 2017/03/31 6:59 p.m.•30 views

CVE-2016-6022

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000...

5.4CVSS5.7AI score0.00227EPSS

CVE•added 2018/07/10 4:29 p.m.•30 views

CVE-2017-1793

CVE•added 2019/03/14 10:29 p.m.•30 views

CVE-2018-1824