Rational Quality Manager@6.0.2 Security Vulnerabilities and Issues — Page 2 of Rational Quality Manager@6.0.2 CVE List

CVE•added 2018/04/24 2:29 p.m.•40 views

CVE-2017-1734

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody...

4.3CVSS4.5AI score0.0021EPSS

CVE•added 2021/03/04 7:15 p.m.•40 views

CVE-2020-4856

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459.

6.4CVSS5.4AI score0.0025EPSS

CVE•added 2021/04/12 6:15 p.m.•40 views

CVE-2020-4965

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.

7.5CVSS7.6AI score0.00111EPSS

CVE•added 2021/03/04 7:15 p.m.•40 views

CVE-2021-20350

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2017/06/13 7:29 p.m.•39 views

CVE-2017-1102

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663...

5.4CVSS5.2AI score0.00272EPSS

CVE•added 2018/07/06 2:29 p.m.•39 views

CVE-2017-1239

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357.

5.3CVSS5.2AI score0.00126EPSS

CVE•added 2018/07/06 2:29 p.m.•39 views

CVE-2017-1242

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524.

5.4CVSS5.7AI score0.00129EPSS

CVE-2017-1280

5.4CVSS5.4AI score0.00162EPSS

CVE-2017-1281

5.4CVSS5.4AI score0.00162EPSS

CVE-2017-1568

CVE-2017-1621

CVE-2017-1690

CVE•added 2018/07/10 4:29 p.m.•39 views

CVE-2017-1791

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

5.4CVSS5.2AI score0.00182EPSS

CVE•added 2018/07/10 4:29 p.m.•39 views

CVE-2018-1423

IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.

6.5CVSS6.1AI score0.00186EPSS

CVE•added 2018/07/10 4:29 p.m.•39 views

CVE-2018-1492

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.

6.8CVSS6.3AI score0.00051EPSS

CVE•added 2021/03/04 7:15 p.m.•39 views

CVE-2020-4863

6.4CVSS5.4AI score0.00177EPSS

CVE•added 2017/03/31 6:59 p.m.•38 views

CVE-2016-6036

IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Referenc...

5.4CVSS5.7AI score0.00227EPSS

CVE•added 2018/11/02 3:29 p.m.•38 views

CVE-2017-1609

IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....

5.4CVSS5.2AI score0.00229EPSS

CVE•added 2018/07/03 7:29 p.m.•38 views

CVE-2017-1651

CVE•added 2018/07/03 7:29 p.m.•38 views

CVE-2017-1691

CVE•added 2018/11/06 4:29 p.m.•38 views

CVE-2018-1606

IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Man...

4.3CVSS4.3AI score0.00184EPSS

CVE•added 2020/07/16 3:15 p.m.•38 views

CVE-2019-4748

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.

5.4CVSS5.2AI score0.00179EPSS

CVE•added 2021/01/27 5:15 p.m.•38 views

CVE-2020-4865

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.

5.4CVSS5.2AI score0.00208EPSS

CVE•added 2021/04/12 6:15 p.m.•38 views

CVE-2020-4920

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.

6.4CVSS5.5AI score0.00128EPSS

CVE•added 2016/11/24 7:59 p.m.•37 views

CVE-2016-2864

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 be...

5.4CVSS5.1AI score0.00168EPSS

CVE•added 2017/05/10 2:29 p.m.•37 views

CVE-2016-6037

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting...

4.8CVSS5.8AI score0.00152EPSS

CVE•added 2018/07/06 2:29 p.m.•37 views

CVE-2017-1329

5.4CVSS5.7AI score0.00129EPSS

CVE•added 2018/07/03 7:29 p.m.•37 views

CVE-2017-1561

CVE•added 2018/07/03 7:29 p.m.•37 views

CVE-2017-1564

5.4CVSS5.2AI score0.00175EPSS

CVE•added 2018/10/02 3:29 p.m.•37 views

CVE-2017-1649

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ...

CVE•added 2018/07/03 7:29 p.m.•37 views

CVE-2017-1715

CVE•added 2018/07/10 4:29 p.m.•37 views

CVE-2017-1738

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 contains an undisclosed vulnerability that would allow an authenticated user to obtain elevated privileges. IBM X-Force ID: 134919.

6.3CVSS5.2AI score0.00121EPSS

CVE•added 2018/10/02 3:29 p.m.•37 views

CVE-2018-1692

CVE•added 2021/01/27 5:15 p.m.•37 views

CVE-2020-4855

5.4CVSS5.2AI score0.00158EPSS

CVE•added 2021/04/12 6:15 p.m.•37 views

CVE-2020-4964

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.

4.3CVSS5.2AI score0.00153EPSS

CVE•added 2018/07/06 2:29 p.m.•36 views

CVE-2017-1238

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

5.4CVSS5.3AI score0.00158EPSS

CVE•added 2018/07/03 7:29 p.m.•36 views

CVE-2017-1275

CVE•added 2018/07/03 7:29 p.m.•36 views

CVE-2017-1314

CVE•added 2018/10/02 3:29 p.m.•36 views

CVE-2018-1440

CVE•added 2018/07/10 4:29 p.m.•36 views

CVE-2018-1549

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attack...

5.4CVSS5.3AI score0.00109EPSS

CVE•added 2020/04/08 2:15 p.m.•36 views

CVE-2019-4602

IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS5.2AI score0.00111EPSS

CVE•added 2018/03/20 9:29 p.m.•35 views

CVE-2015-7449

IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Ration...

3.3CVSS3.5AI score0.00018EPSS

CVE•added 2018/07/06 2:29 p.m.•35 views

CVE-2017-1248

6.1CVSS6.2AI score0.00177EPSS

CVE•added 2018/10/02 3:29 p.m.•35 views

CVE-2018-1605