Lucene search
K
IbmRational Requirements Composer

38 matches found

CVE
CVE
added 2017/02/08 7:0 p.m.71 views

CVE-2017-1127

CVE-2017-1127 affects IBM Rational DOORS Next Generation and related DOORS/RRC components. The connected IBM security bulletin confirms a cross-site scripting (XSS) vulnerability in DNG/RRC Web UI that allows embedding arbitrary JavaScript, potentially leading to credential disclosure within a tr...

5.4CVSS5.2AI score0.00645EPSS
CVE
CVE
added 2016/01/02 9:0 p.m.63 views

CVE-2015-1928

CVE-2015-1928 affects IBM Jazz-based CLM ecosystem (Jazz Team Server and multiple CLM apps such as RRC, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM, etc.). The connected IBM bulletin confirms a remote attacker can exploit via a crafted website to hijack the victim’s click actions (clickjacking). Af...

6.8CVSS6.1AI score0.01202EPSS
CVE
CVE
added 2018/03/15 10:0 p.m.63 views

CVE-2015-7453

CVE-2015-7453 : IBM Jazz/CLM family (including CLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) are vulnerable to cross-site scripting via remote crafted URLs. Affects CLM products 3.0.1–6.0.1, RQM 3.0.x–6.0.1, RTC 3.0.x–6.0.1, RRC 3.0.x–4.0.x, RDNG 4.0–6.0.1, RELM 4.0.x–6.0.1, Rhapsody DM 4....

6.1CVSS5.7AI score0.0087EPSS
CVE
CVE
added 2016/01/03 2:0 a.m.62 views

CVE-2015-4962

CVE-2015-4962 affects IBM Jazz-based CLM ecosystem (including CLM, RTC, RQM, RRC, RDNG, RELM, Rhapsody DM, RSA DM, etc.). The root cause is weak permissions on unspecified project areas, allowing remote authenticated users to obtain sensitive information via unknown vectors. Impact is information...

3.5CVSS3.5AI score0.00454EPSS
CVE
CVE
added 2015/03/18 10:0 a.m.61 views

CVE-2015-0132

Technical details for CVE-2015-0132 are not provided in the connected documents. The initial entry describes a recursive entity expansion DoS in IBM Rational DOORS/Requirement Composer XML parser but no vendor/version specifics or fixes are given here. Monitor for updates.

7.8CVSS6.8AI score0.01328EPSS
CVE
CVE
added 2018/03/15 10:0 p.m.61 views

CVE-2015-7440

CVE-2015-7440 affects IBM Jazz-based CLM/RQM/RTC/etc. A local privilege-escalation vulnerability exists across multiple CLM family products (CLM 3.0.1.x up to 6.x; RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) that could allow a local user to gain privileges via unspecified vectors. Connected I...

7.8CVSS7.3AI score0.00319EPSS
CVE
CVE
added 2016/01/03 2:0 a.m.58 views

CVE-2015-4946

CVE-2015-4946 affects IBM CLM/Jazz-based products (RCLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) and related Jazz Team Server components. The issue allows an authenticated user to bypass access restrictions and perform unauthorized actions due to a design/logic flaw in IBM Rational LifeCy...

3.3CVSS3.8AI score0.00303EPSS
CVE
CVE
added 2014/03/04 10:0 p.m.57 views

CVE-2014-0844

IBM CVE-2014-0844 affects IBM Rational Requirements Composer (RRC) 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6. The vulnerability is described as an unspecified remote-authenticated data exposure via unknown vectors. The connected CVE collect...

3.5CVSS6.2AI score0.00852EPSS
CVE
CVE
added 2014/09/12 1:0 a.m.57 views

CVE-2014-3092

CVE-2014-3092 affects IBM Jazz Team Server-based products (e.g., Rational CLM suite, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) where the session cookie is not marked Secure in HTTPS, enabling potential cookie leakage over HTTP. The root cause is the cookie’s missing Secure flag during SSL s...

5CVSS6.2AI score0.01667EPSS
CVE
CVE
added 2018/01/16 7:0 p.m.55 views

CVE-2016-0219

CVE-2016-0219 is an XXE vulnerability in IBM Rational Team Concert. The IBM/CLM bulletin and NVD entries describe a denial-of-service risk when processing crafted XML data, affecting RTC 3.0 up to 6.0.1 (pre-iFix4). The issue manifests when XML with external entity references is parsed, enabling ...

6.5CVSS5.9AI score0.01231EPSS
CVE
CVE
added 2018/04/12 3:0 p.m.54 views

CVE-2017-1790

Summary of CVE-2017-1790 : IBM DOORS Next Generation (DNG/RRC) versions 5.0–5.0.2 and 6.0–6.0.5 are affected by a cross-site scripting (XSS) vulnerability in the Web UI that could allow an attacker to inject JavaScript, potentially leading to credentials disclosure within a trusted session. The I...

5.4CVSS5.2AI score0.00551EPSS
CVE
CVE
added 2018/07/19 2:0 p.m.54 views

CVE-2018-1529

CVE-2018-1529 affects IBM Rational DOORS Next Generation (DNG) 5.0–5.0.2 and 6.0–6.0.5, and IBM Rational Requirements Composer 5.0–5.0.2, exposing cross-site scripting via the Web UI that could lead to credentials disclosure in a trusted session. Remediation provided by IBM fixes: upgrade Rationa...

5.4CVSS5.2AI score0.00968EPSS
CVE
CVE
added 2017/02/08 7:0 p.m.53 views

CVE-2017-1128

IBM DOORS Next Generation (DNG/RRC) versions affected: 4.0, 5.0, and 6.0. The Web UI is vulnerable to cross-site scripting via embedded JavaScript, enabling potential credential disclosure in a trusted session. Root cause: reflected/stored XSS in the Web UI (details are described in the IBM Secur...

5.4CVSS5.2AI score0.00645EPSS
CVE
CVE
added 2017/06/12 7:0 p.m.53 views

CVE-2017-1276

CVE-2017-1276 affects IBM DOORS Next Generation (DNG/RRC) Web UI for versions 4.0, 5.0 and 6.0, enabling cross-site scripting via embedded JavaScript that can lead to credentials disclosure in a trusted session. Root cause is XSS in the web interface. Affected products/versions are listed in IBM ...

5.4CVSS5.2AI score0.00729EPSS
CVE
CVE
added 2017/08/18 3:0 p.m.53 views

CVE-2017-1338

CVE-2017-1338 affects IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0, with a cross-site scripting flaw in the Web UI that can let an attacker embed arbitrary JavaScript and potentially disclose credentials in a trusted session. The IBM bulletin lists fixes by upgrading to: 6.0.2 iFix013 or ...

5.4CVSS5.2AI score0.00729EPSS
CVE
CVE
added 2015/04/27 1:0 a.m.52 views

CVE-2015-0113

CVE-2015-0113 affects IBM Jazz-based products (CLM, RTC, RRC, RDNG, RELM, RQM, Rhapsody DM, RSA DM, and related components) where the Jazz Help System permits remote attackers to read JSP source code by sending a crafted request. Affected versions include CLM 4.0–5.0.2, RQM 4.0–4.0.7 and 5.0–5.0....

5CVSS6.7AI score0.01209EPSS
CVE
CVE
added 2017/12/13 6:0 p.m.52 views

CVE-2017-1546

IBM DOORS Next Generation (DNG/RRC) versions 4.07, 5.0, and 6.0 are vulnerable to cross-site scripting via the Web UI, allowing arbitrary JavaScript execution and potential credentials disclosure in a trusted session. Affected products/versions include Rational DOORS Next Generation 6.0–6.0.4, Ra...

5.4CVSS5.2AI score0.00702EPSS
CVE
CVE
added 2014/03/04 10:0 p.m.51 views

CVE-2014-0846

CVE-2014-0846 affects IBM Rational Requirements Composer (RRC) and DOORS Next Generation. Vulnerable: RRC versions 3.x prior to 3.0.1.6 iFix2 and 4.x prior to 4.0.6, and DOORS Next Generation 4.x prior to 4.0.6. Issue: cross-site scripting (XSS) allowing remote authenticated users to inject arbit...

3.5CVSS5.2AI score0.00936EPSS
CVE
CVE
added 2015/05/30 7:0 p.m.51 views

CVE-2015-0121

CVE-2015-0121 affects IBM Rational Requirements Composer (RRC) versions 3.0–3.0.1.6 and 4.0–4.0.7, and Rational DOORS Next Generation (RDNG) 4.0–4.0.7 and 5.0–5.0.2. When WebSphere Application Server uses LTPA single sign-on, the RM session is not terminated after LTPA token expiration, allowing ...

3.7CVSS6.6AI score0.00436EPSS
CVE
CVE
added 2013/09/12 1:0 a.m.50 views

CVE-2013-3036

IBM Rational Requirements Composer prior to 4.0.4 is affected by an open redirect vulnerability. Remote authenticated users can construct a URL that redirects victims to arbitrary external sites, enabling phishing via crafted links. Documents consistently describe the issue as an open redirect wi...

4.9CVSS6.2AI score0.00852EPSS
CVE
CVE
added 2018/03/15 10:0 p.m.50 views

CVE-2015-7471

CVE-2015-7471 is an XSS vulnerability affecting IBM Jazz-based CLM products (and associated RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM, and Jazz Team Server components) across multiple versions (CLM 3.0.1–6.0.1, RQM 3.0.x–3.0.1.6, RTC 3.0.x–6.0.x, RRC 3.0.x–4.0.x, RDNG 4.0.x–6.0.x, RELM 4.0.3...

4.8CVSS4.9AI score0.00646EPSS
CVE
CVE
added 2017/06/12 7:0 p.m.50 views

CVE-2017-1247

CVE-2017-1247 affects IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0. The weakness is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The IBM Security Bulletin confir...

5.4CVSS5.2AI score0.00729EPSS
CVE
CVE
added 2013/09/12 1:0 a.m.49 views

CVE-2013-3037

CVE-2013-3037 affects IBM Rational Requirements Composer prior to 4.0.4. The vulnerability is described as an unspecified local-privilege-escalation, enabling local users to gain privileges via unknown vectors. The connected documents confirm the vendor/product and version, but do not provide con...

4.4CVSS6.4AI score0.00293EPSS
CVE
CVE
added 2013/09/12 1:0 a.m.49 views

CVE-2013-3039

The vulnerability CVE-2013-3039 affects IBM Rational Requirements Composer before 4.0.4. The root cause is improper authentication, leading to an unspecified impact with remote attack vectors. Documents consolidate the issue but do not specify vulnerable components beyond the product/version, nor...

5.4CVSS6.7AI score0.00432EPSS
CVE
CVE
added 2013/12/10 7:0 p.m.49 views

CVE-2013-5404

CVE-2013-5404 is a cross-site scripting (XSS) vulnerability in the search implementation of IBM Rational Quality Manager (RQM) affecting 2.0–2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as deployed with Rational Team Concert, Rational Requirements Composer, and other products. The fl...

3.5CVSS5.2AI score0.00759EPSS
CVE
CVE
added 2017/02/08 7:0 p.m.49 views

CVE-2016-9748

The CVE-2016-9748 issue affects IBM Rational DOORS Next Generation (RDNG) and related configurations as described in IBM’s advisory. Affected versions include RDNG 6.0–6.0.2, RDNG 5.0–5.0.2, Rational Requirements Composer 4.0.7. The root cause is the disclosure of sensitive information in error r...

4.3CVSS4.3AI score0.00941EPSS
CVE
CVE
added 2016/01/03 12:0 a.m.48 views

CVE-2015-1971

CVE-2015-1971 affects IBM Jazz Team Server-based products across CLM, RRC, RDNG, RELM, RTC, RQM, Rhapsody DM, and RSA DM. An unspecified denial-of-service vulnerability exists in Jazz Team Server components used by these products, with affected ranges spanning CLM 3.0.1–5.0.2, RRC 2.0–4.0.7, RDNG...

4.3CVSS4.5AI score0.00545EPSS
CVE
CVE
added 2017/02/23 4:0 p.m.48 views

CVE-2016-6055

IBM Rational DOORS Next Generation is affected by a cross-site scripting (XSS) vulnerability (CVE-2016-6055) in the Web UI. Affected products: Rational DOORS Next Generation 6.0–6.0.2 (6.0.3 not affected), 5.0–5.0.2, and Rational Requirements Composer 4.0.1–4.0.7. The issue allows embedding arbit...

5.4CVSS5.2AI score0.00511EPSS
CVE
CVE
added 2017/02/15 7:0 p.m.48 views

CVE-2016-6060

CVE-2016-6060 affects IBM Rational DOORS Next Generation (DRN) 4.0–6.0.2 and related 5.x/4.x components. The vulnerability allows a JazzGuest user to see project names without proper permissions (undisclosed root cause). Affected: DRN 6.0–6.0.2, DRN 5.0–5.0.2, Rational Requirements Components 4.0...

4.3CVSS4.4AI score0.00683EPSS
CVE
CVE
added 2017/06/12 7:0 p.m.48 views

CVE-2017-1278

IBM DOORS Next Generation (DNG/RRC) versions 4.0–6.0 are affected by an HTML injection vulnerability that allows a remote attacker to inject HTML executed in the victim’s browser within the hosting site context. Affected products include Rational DOORS Next Generation 6.0–6.0.3 and Rational Requi...

5.4CVSS5.5AI score0.00869EPSS
CVE
CVE
added 2013/09/12 1:0 a.m.47 views

CVE-2013-3038

CVE-2013-3038 affects IBM Rational Requirements Composer prior to 4.0.4. The vulnerability is described as an unspecified issue that makes it easier for remote attackers to discover credentials via unknown vectors. The available connected sources list this product/version but do not provide concr...

5.4CVSS6.5AI score0.00562EPSS
CVE
CVE
added 2015/03/18 10:0 a.m.47 views

CVE-2014-6131

CVE-2014-6131 affects IBM Jazz Team Server (JTS) used in multiple IBM Rational products (CLM, RRC, RDNG, RELM, RTC, RQM, Rhapsody/RSA DM, etc.). A remote authenticated user can read another user’s dashboard via unspecified vectors, impacting dashboards across CLM- and Jazz-based deployments. Affe...

4CVSS6.2AI score0.01332EPSS
CVE
CVE
added 2015/07/20 1:0 a.m.47 views

CVE-2015-0130

CVE-2015-0130 describes a cross-site scripting vulnerability in IBM Jazz Foundation/CLM stack (including CLM, RRC, RDNG, RTC, RQM ). The root cause is improper validation of user-supplied input, allowing remote authenticated users to craft a URL that executes arbitrary script/HTML in the victim’s...

3.5CVSS5.2AI score0.00783EPSS
CVE
CVE
added 2015/03/18 10:0 a.m.46 views

CVE-2014-6129

CVE-2014-6129 affects IBM Jazz Team Server (JTS)–based products (CLM, RRC, RDNG, RELM, RTC, RQM, RSA DM, Rhapsody DM, etc.). Described as an authenticated issue where a user with knowledge of JTS can delete another user’s dashboard via unspecified vectors. Affected versions include Rational CLM 3...

5.5CVSS6.3AI score0.01374EPSS
CVE
CVE
added 2015/06/07 6:0 p.m.45 views

CVE-2015-0112

CVE-2015-0112 maps to an XML External Entity (XXE) issue in IBM Jazz Foundation/CLM stack (Jazz Team Server and multiple CLM-based products). Affected: CLM 3.0.1–5.0.2, RRC 2.0–4.0.7, RDNG 4.x–5.0.2, RELM 1.0/4.0.3–5.0.2, Rhapsody DM 3.0–5.0, RSA DM 3.0–5.0, RTC 2.0–5.0.2, RQM 2.0–5.0.2. Impact: ...

4CVSS6.3AI score0.0104EPSS
CVE
CVE
added 2018/03/20 9:0 p.m.45 views

CVE-2015-7449

CVE-2015-7449 affects IBM Jazz Foundation-based products (CLM, RRC, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM, and related Jazz Team Server components). The root cause is the use of weaker than expected encryption, enabling local users to obtain sensitive information. Affected versions include CL...

3.3CVSS3.5AI score0.00131EPSS
CVE
CVE
added 2014/03/04 10:0 p.m.44 views

CVE-2014-0845

CVE-2014-0845 is an open redirect vulnerability in IBM Rational Requirements Composer (RRC) 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and in Rational DOORS Next Generation 4.x before 4.0.6. An authenticated remote attacker can craft a URL that redirects victims to arbitrary sites, enabling p...

4.9CVSS6.2AI score0.00951EPSS
CVE
CVE
added 2015/03/18 10:0 a.m.42 views

CVE-2015-0125

CVE-2015-0125 describes an XSS vulnerability in IBM Rational DOORS Next Generation (4.x < 4.0.7 iFix3; 5.x < 5.0.2) and Rational Requirements Composer (4.x

3.5CVSS5.2AI score0.00759EPSS