38 matches found
CVE-2017-1127
CVE-2017-1127 affects IBM Rational DOORS Next Generation and related DOORS/RRC components. The connected IBM security bulletin confirms a cross-site scripting (XSS) vulnerability in DNG/RRC Web UI that allows embedding arbitrary JavaScript, potentially leading to credential disclosure within a tr...
CVE-2015-1928
CVE-2015-1928 affects IBM Jazz-based CLM ecosystem (Jazz Team Server and multiple CLM apps such as RRC, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM, etc.). The connected IBM bulletin confirms a remote attacker can exploit via a crafted website to hijack the victim’s click actions (clickjacking). Af...
CVE-2015-7453
CVE-2015-7453 : IBM Jazz/CLM family (including CLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) are vulnerable to cross-site scripting via remote crafted URLs. Affects CLM products 3.0.1–6.0.1, RQM 3.0.x–6.0.1, RTC 3.0.x–6.0.1, RRC 3.0.x–4.0.x, RDNG 4.0–6.0.1, RELM 4.0.x–6.0.1, Rhapsody DM 4....
CVE-2015-4962
CVE-2015-4962 affects IBM Jazz-based CLM ecosystem (including CLM, RTC, RQM, RRC, RDNG, RELM, Rhapsody DM, RSA DM, etc.). The root cause is weak permissions on unspecified project areas, allowing remote authenticated users to obtain sensitive information via unknown vectors. Impact is information...
CVE-2015-0132
Technical details for CVE-2015-0132 are not provided in the connected documents. The initial entry describes a recursive entity expansion DoS in IBM Rational DOORS/Requirement Composer XML parser but no vendor/version specifics or fixes are given here. Monitor for updates.
CVE-2015-7440
CVE-2015-7440 affects IBM Jazz-based CLM/RQM/RTC/etc. A local privilege-escalation vulnerability exists across multiple CLM family products (CLM 3.0.1.x up to 6.x; RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) that could allow a local user to gain privileges via unspecified vectors. Connected I...
CVE-2015-4946
CVE-2015-4946 affects IBM CLM/Jazz-based products (RCLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) and related Jazz Team Server components. The issue allows an authenticated user to bypass access restrictions and perform unauthorized actions due to a design/logic flaw in IBM Rational LifeCy...
CVE-2014-0844
IBM CVE-2014-0844 affects IBM Rational Requirements Composer (RRC) 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6. The vulnerability is described as an unspecified remote-authenticated data exposure via unknown vectors. The connected CVE collect...
CVE-2014-3092
CVE-2014-3092 affects IBM Jazz Team Server-based products (e.g., Rational CLM suite, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) where the session cookie is not marked Secure in HTTPS, enabling potential cookie leakage over HTTP. The root cause is the cookie’s missing Secure flag during SSL s...
CVE-2016-0219
CVE-2016-0219 is an XXE vulnerability in IBM Rational Team Concert. The IBM/CLM bulletin and NVD entries describe a denial-of-service risk when processing crafted XML data, affecting RTC 3.0 up to 6.0.1 (pre-iFix4). The issue manifests when XML with external entity references is parsed, enabling ...
CVE-2017-1790
Summary of CVE-2017-1790 : IBM DOORS Next Generation (DNG/RRC) versions 5.0–5.0.2 and 6.0–6.0.5 are affected by a cross-site scripting (XSS) vulnerability in the Web UI that could allow an attacker to inject JavaScript, potentially leading to credentials disclosure within a trusted session. The I...
CVE-2018-1529
CVE-2018-1529 affects IBM Rational DOORS Next Generation (DNG) 5.0–5.0.2 and 6.0–6.0.5, and IBM Rational Requirements Composer 5.0–5.0.2, exposing cross-site scripting via the Web UI that could lead to credentials disclosure in a trusted session. Remediation provided by IBM fixes: upgrade Rationa...
CVE-2017-1128
IBM DOORS Next Generation (DNG/RRC) versions affected: 4.0, 5.0, and 6.0. The Web UI is vulnerable to cross-site scripting via embedded JavaScript, enabling potential credential disclosure in a trusted session. Root cause: reflected/stored XSS in the Web UI (details are described in the IBM Secur...
CVE-2017-1276
CVE-2017-1276 affects IBM DOORS Next Generation (DNG/RRC) Web UI for versions 4.0, 5.0 and 6.0, enabling cross-site scripting via embedded JavaScript that can lead to credentials disclosure in a trusted session. Root cause is XSS in the web interface. Affected products/versions are listed in IBM ...
CVE-2017-1338
CVE-2017-1338 affects IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0, with a cross-site scripting flaw in the Web UI that can let an attacker embed arbitrary JavaScript and potentially disclose credentials in a trusted session. The IBM bulletin lists fixes by upgrading to: 6.0.2 iFix013 or ...
CVE-2015-0113
CVE-2015-0113 affects IBM Jazz-based products (CLM, RTC, RRC, RDNG, RELM, RQM, Rhapsody DM, RSA DM, and related components) where the Jazz Help System permits remote attackers to read JSP source code by sending a crafted request. Affected versions include CLM 4.0–5.0.2, RQM 4.0–4.0.7 and 5.0–5.0....
CVE-2017-1546
IBM DOORS Next Generation (DNG/RRC) versions 4.07, 5.0, and 6.0 are vulnerable to cross-site scripting via the Web UI, allowing arbitrary JavaScript execution and potential credentials disclosure in a trusted session. Affected products/versions include Rational DOORS Next Generation 6.0–6.0.4, Ra...
CVE-2014-0846
CVE-2014-0846 affects IBM Rational Requirements Composer (RRC) and DOORS Next Generation. Vulnerable: RRC versions 3.x prior to 3.0.1.6 iFix2 and 4.x prior to 4.0.6, and DOORS Next Generation 4.x prior to 4.0.6. Issue: cross-site scripting (XSS) allowing remote authenticated users to inject arbit...
CVE-2015-0121
CVE-2015-0121 affects IBM Rational Requirements Composer (RRC) versions 3.0–3.0.1.6 and 4.0–4.0.7, and Rational DOORS Next Generation (RDNG) 4.0–4.0.7 and 5.0–5.0.2. When WebSphere Application Server uses LTPA single sign-on, the RM session is not terminated after LTPA token expiration, allowing ...
CVE-2013-3036
IBM Rational Requirements Composer prior to 4.0.4 is affected by an open redirect vulnerability. Remote authenticated users can construct a URL that redirects victims to arbitrary external sites, enabling phishing via crafted links. Documents consistently describe the issue as an open redirect wi...
CVE-2015-7471
CVE-2015-7471 is an XSS vulnerability affecting IBM Jazz-based CLM products (and associated RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM, and Jazz Team Server components) across multiple versions (CLM 3.0.1–6.0.1, RQM 3.0.x–3.0.1.6, RTC 3.0.x–6.0.x, RRC 3.0.x–4.0.x, RDNG 4.0.x–6.0.x, RELM 4.0.3...
CVE-2017-1247
CVE-2017-1247 affects IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0. The weakness is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The IBM Security Bulletin confir...
CVE-2013-3037
CVE-2013-3037 affects IBM Rational Requirements Composer prior to 4.0.4. The vulnerability is described as an unspecified local-privilege-escalation, enabling local users to gain privileges via unknown vectors. The connected documents confirm the vendor/product and version, but do not provide con...
CVE-2013-3039
The vulnerability CVE-2013-3039 affects IBM Rational Requirements Composer before 4.0.4. The root cause is improper authentication, leading to an unspecified impact with remote attack vectors. Documents consolidate the issue but do not specify vulnerable components beyond the product/version, nor...
CVE-2013-5404
CVE-2013-5404 is a cross-site scripting (XSS) vulnerability in the search implementation of IBM Rational Quality Manager (RQM) affecting 2.0–2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as deployed with Rational Team Concert, Rational Requirements Composer, and other products. The fl...
CVE-2016-9748
The CVE-2016-9748 issue affects IBM Rational DOORS Next Generation (RDNG) and related configurations as described in IBM’s advisory. Affected versions include RDNG 6.0–6.0.2, RDNG 5.0–5.0.2, Rational Requirements Composer 4.0.7. The root cause is the disclosure of sensitive information in error r...
CVE-2015-1971
CVE-2015-1971 affects IBM Jazz Team Server-based products across CLM, RRC, RDNG, RELM, RTC, RQM, Rhapsody DM, and RSA DM. An unspecified denial-of-service vulnerability exists in Jazz Team Server components used by these products, with affected ranges spanning CLM 3.0.1–5.0.2, RRC 2.0–4.0.7, RDNG...
CVE-2016-6055
IBM Rational DOORS Next Generation is affected by a cross-site scripting (XSS) vulnerability (CVE-2016-6055) in the Web UI. Affected products: Rational DOORS Next Generation 6.0–6.0.2 (6.0.3 not affected), 5.0–5.0.2, and Rational Requirements Composer 4.0.1–4.0.7. The issue allows embedding arbit...
CVE-2016-6060
CVE-2016-6060 affects IBM Rational DOORS Next Generation (DRN) 4.0–6.0.2 and related 5.x/4.x components. The vulnerability allows a JazzGuest user to see project names without proper permissions (undisclosed root cause). Affected: DRN 6.0–6.0.2, DRN 5.0–5.0.2, Rational Requirements Components 4.0...
CVE-2017-1278
IBM DOORS Next Generation (DNG/RRC) versions 4.0–6.0 are affected by an HTML injection vulnerability that allows a remote attacker to inject HTML executed in the victim’s browser within the hosting site context. Affected products include Rational DOORS Next Generation 6.0–6.0.3 and Rational Requi...
CVE-2013-3038
CVE-2013-3038 affects IBM Rational Requirements Composer prior to 4.0.4. The vulnerability is described as an unspecified issue that makes it easier for remote attackers to discover credentials via unknown vectors. The available connected sources list this product/version but do not provide concr...
CVE-2014-6131
CVE-2014-6131 affects IBM Jazz Team Server (JTS) used in multiple IBM Rational products (CLM, RRC, RDNG, RELM, RTC, RQM, Rhapsody/RSA DM, etc.). A remote authenticated user can read another user’s dashboard via unspecified vectors, impacting dashboards across CLM- and Jazz-based deployments. Affe...
CVE-2015-0130
CVE-2015-0130 describes a cross-site scripting vulnerability in IBM Jazz Foundation/CLM stack (including CLM, RRC, RDNG, RTC, RQM ). The root cause is improper validation of user-supplied input, allowing remote authenticated users to craft a URL that executes arbitrary script/HTML in the victim’s...
CVE-2014-6129
CVE-2014-6129 affects IBM Jazz Team Server (JTS)–based products (CLM, RRC, RDNG, RELM, RTC, RQM, RSA DM, Rhapsody DM, etc.). Described as an authenticated issue where a user with knowledge of JTS can delete another user’s dashboard via unspecified vectors. Affected versions include Rational CLM 3...
CVE-2015-0112
CVE-2015-0112 maps to an XML External Entity (XXE) issue in IBM Jazz Foundation/CLM stack (Jazz Team Server and multiple CLM-based products). Affected: CLM 3.0.1–5.0.2, RRC 2.0–4.0.7, RDNG 4.x–5.0.2, RELM 1.0/4.0.3–5.0.2, Rhapsody DM 3.0–5.0, RSA DM 3.0–5.0, RTC 2.0–5.0.2, RQM 2.0–5.0.2. Impact: ...
CVE-2015-7449
CVE-2015-7449 affects IBM Jazz Foundation-based products (CLM, RRC, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM, and related Jazz Team Server components). The root cause is the use of weaker than expected encryption, enabling local users to obtain sensitive information. Affected versions include CL...
CVE-2014-0845
CVE-2014-0845 is an open redirect vulnerability in IBM Rational Requirements Composer (RRC) 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and in Rational DOORS Next Generation 4.x before 4.0.6. An authenticated remote attacker can craft a URL that redirects victims to arbitrary sites, enabling p...
CVE-2015-0125
CVE-2015-0125 describes an XSS vulnerability in IBM Rational DOORS Next Generation (4.x < 4.0.7 iFix3; 5.x < 5.0.2) and Rational Requirements Composer (4.x