Rational Requirements Composer@4.0.0 Security Vulnerabilities and Issues — Rational Requirements Composer@4.0.0 CVE List

Lucene search

IbmRational Requirements Composer4.0.0

16 matches found

CVE•added 2017/02/08 7:59 p.m.•50 views

CVE-2017-1127

IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.2AI score0.00303EPSS

CVE•added 2015/03/18 10:59 a.m.•47 views

CVE-2015-0132

The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial...

7.8CVSS6.8AI score0.00852EPSS

CVE•added 2014/09/12 1:55 a.m.•45 views

CVE-2014-3092

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for r...

5CVSS6.2AI score0.00225EPSS

CVE•added 2017/02/08 7:59 p.m.•43 views

CVE-2017-1128

IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.2AI score0.00303EPSS

CVE•added 2014/03/04 10:55 p.m.•42 views

CVE-2014-0844

Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors.

3.5CVSS6.2AI score0.00158EPSS

CVE•added 2015/05/30 7:59 p.m.•40 views

CVE-2015-0121

IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token...

3.7CVSS6.6AI score0.00193EPSS

CVE•added 2013/09/12 1:28 p.m.•39 views

CVE-2013-3036

Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

4.9CVSS6.2AI score0.00141EPSS

CVE•added 2013/09/12 1:28 p.m.•38 views

CVE-2013-3037

Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors.

4.4CVSS6.4AI score0.00054EPSS

CVE•added 2013/09/12 1:28 p.m.•38 views

CVE-2013-3039

IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors.

5.4CVSS6.7AI score0.0008EPSS

CVE•added 2015/04/27 11:59 a.m.•38 views

CVE-2015-0113

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generatio...

5CVSS6.7AI score0.00225EPSS

CVE•added 2013/09/12 1:28 p.m.•35 views

CVE-2013-3038

Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors.

5.4CVSS6.5AI score0.00221EPSS

CVE•added 2014/03/04 10:55 p.m.•35 views

CVE-2014-0846

Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2015/07/20 1:59 a.m.•35 views

CVE-2015-0130

Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x befor...

3.5CVSS5.2AI score0.00166EPSS

CVE•added 2015/06/07 6:59 p.m.•33 views

CVE-2015-0112

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 throug...

4CVSS6.3AI score0.00206EPSS

CVE•added 2014/03/04 10:55 p.m.•32 views

CVE-2014-0845

Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

4.9CVSS6.2AI score0.0016EPSS

CVE•added 2015/03/18 10:59 a.m.•31 views

CVE-2015-0125

Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00166EPSS