142 matches found
CVE-2017-1099
CVE-2017-1099 – IBM Jazz Foundation information disclosure : Multiple sources describe an information-disclosure vulnerability in IBM Jazz Foundation components (part of IBM Rational CLM/RTC/RQM, etc.). The provided documents state that an authenticated user could potentially access sensitive inf...
CVE-2020-4697
CVE-2020-4697 is a cross-site scripting vulnerability in IBM Jazz Foundation and related IBM Engineering products (notably IBM Engineering Workflow Management). The Web UI can be affected by an attacker embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted...
CVE-2020-4487
Summary: The CVE-2020-4487 issue affects IBM Jazz Foundation and related IBM Engineering Lifecycle Management products (e.g., ELM, DOORS Next, ENI, EWM, RTC, RMM, RDM, RQM, ELN) where a remote attacker could obtain sensitive information from a detailed technical error message returned by a browse...
CVE-2020-4544
IBM CVE-2020-4544 describes an information-disclosure vulnerability in IBM Jazz Foundation where a remote attacker could obtain sensitive data from detailed technical error messages returned by the browser. The issue affects IBM Jazz Foundation products within the IBM Engineering Lifecycle Manage...
CVE-2020-4733
The CVE-2020-4733 entry corresponds to a cross-site scripting vulnerability in IBM Jazz Foundation/Engineering products (IBM Engineering Test Management and related Web UI components). The IBM Security Bulletin lists affected products and versions, noting that an attacker could embed arbitrary Ja...
CVE-2020-4691
CVE-2020-4691 is an XSS vulnerability in IBM Jazz Foundation products (and related IBM Engineering Workflow Management components) where an attacker could embed arbitrary JavaScript in the Web UI, potentially exposing credentials in a trusted session. The connected IBM security bulletin lists aff...
CVE-2016-6024
CVE-2016-6024 affects NetComm Wireless HSPA 3G10WVE Wireless Router. The issue is a command injection in the ping.cgi page via the DIA_IPADDRESS parameter, enabling an unauthenticated attacker to inject commands and potentially compromise the device. Public materials describe authentication bypas...
CVE-2018-1827
The CVE-2018-1827 entry affects IBM Rational CLM 6.0–6.0.6.1 (including CLM components: CLM, DOORS Next, QRM, RTC, Rhapsody DM, RSA DM, RMM). Root cause: cross-site scripting in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted s...
CVE-2021-20506
CVE-2021-20506 concerns IBM Jazz Foundation products (notably IBM Engineering Workflow Management, IBM Engineering Lifecycle Optimization – Engineering Insights, IBM Engineering Requirements Quality Assistant On-Premises, among others) suffering from cross-site scripting in the Web UI that could ...
CVE-2016-0273
The CVE-2016-0273 entry applies to IBM Jazz-based CLM suite (and related products: RQM, RTC, RDNG, RELM, Rhapsody DM, RSA DM, etc.) with a cross-site scripting vulnerability exploitable by remote authenticated users via a specially crafted URL to inject arbitrary web script/HTML. The root cause i...
CVE-2021-20447
CVE-2021-20447 affects IBM Jazz Foundation products with a cross-site scripting (XSS) vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially lead to credentials disclosure within a trusted session. Connected sources confirm affected components such as IBM Engine...
CVE-2018-1758
CVE-2018-1758 affects IBM Rational CLM 6.0–6.0.6.1 across CLM components (CLM, RQM, RTC, DOORS Next Gen, Rhapsody/RA DM, and related). The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to inject JavaScript, potentially leading to credential disclosure wit...
CVE-2019-4083
CVE-2019-4083 affects IBM Jazz Foundation products (Rational CLM suite: CLM, RQM, RTC, DOORS, etc.) with cross-site scripting in the Web UI. Affected versions are 6.0–6.0.6.1. The root cause is an XSS vulnerability that could allow an attacker to inject arbitrary JavaScript, potentially leading t...
CVE-2020-4445
CVE-2020-4445 affects IBM Jazz Team Server based applications with a cross-site scripting vulnerability in the WEB UI. The issue enables embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. The vulnerability is identified across mult...
CVE-2021-20507
The CVE-2021-20507 entry affects IBM Jazz Foundation and IBM Engineering products, where a cross-site scripting flaw allows embedding arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. The vulnerability centers on Web UI script execution enabled by the ...
CVE-2021-20518
The CVE-2021-20518 issue affects IBM Jazz Foundation products (EWM, RTC, RELM, ENI, and IBM Engineering Requirements Quality Assistant On-Premises). It is described as a cross-site scripting vulnerability allowing an attacker to embed arbitrary JavaScript in the Web UI, with potential credential ...
CVE-2021-29713
CVE-2021-29713 affects IBM Jazz Team Server and related IBM Engineering Lifecycle Management components. The vulnerability is a cross-site scripting (XSS) flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted s...
CVE-2021-29774
Summary: CVE-2021-29774 affects IBM Jazz Team Server family (including CLM, ELM, DOORS Next, RTC, EWM, Rhapsody) where an authenticated user could obtain elevated privileges under certain configurations. The root cause is insufficient validation of user privileges, enabling privilege escalation w...
CVE-2015-1928
CVE-2015-1928 affects IBM Jazz-based CLM ecosystem (Jazz Team Server and multiple CLM apps such as RRC, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM, etc.). The connected IBM bulletin confirms a remote attacker can exploit via a crafted website to hijack the victim’s click actions (clickjacking). Af...
CVE-2017-1237
CVE-2017-1237 concerns a cross-site scripting vulnerability in IBM Jazz-based applications. The issue affects IBM Jazz Team Server and CLM-related products (CLM, RDNG, RELM, RTC, RQM, Rhapsody Design Manager, RSA Design Manager) across multiple versions (notably 5.0.x to 6.0.x). The underlying ri...
CVE-2017-1507
CVE-2017-1507 corresponds to an information-disclosure vulnerability in IBM Jazz Foundation/CLM stack (e.g., Rational CLM, RTC, RQM, DOORS Next Gen, etc.) where a scan could leak sensitive data. Affected versions include Rational CLM/RCS/RTC/RQM families from 4.0 up to 6.0.4, with remediation via...
CVE-2017-1509
CVE-2017-1509 concerns IBM Jazz Foundation products. An authenticated user could obtain sensitive information from a stack trace, which could aid future attacks (information disclosure). The CVE is discussed across multiple sources including NVD and IBM’s Security Bulletin on Jazz-based products,...
CVE-2017-1559
CVE-2017-1559 affects IBM Jazz-based Rational CLM/RQM/RRTC etc. products; the issue allows disclosure of sensitive information when an attacker intercepts vulnerable requests. The IBM bulletin lists impacted products (CLM 5.0–6.0.5, RQM, RTC, RDNG, RELM, RSA DM, Rhapsody DM, etc.) and provides re...
CVE-2015-7440
CVE-2015-7440 affects IBM Jazz-based CLM/RQM/RTC/etc. A local privilege-escalation vulnerability exists across multiple CLM family products (CLM 3.0.1.x up to 6.x; RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) that could allow a local user to gain privileges via unspecified vectors. Connected I...
CVE-2015-7453
CVE-2015-7453 : IBM Jazz/CLM family (including CLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) are vulnerable to cross-site scripting via remote crafted URLs. Affects CLM products 3.0.1–6.0.1, RQM 3.0.x–6.0.1, RTC 3.0.x–6.0.1, RRC 3.0.x–4.0.x, RDNG 4.0–6.0.1, RELM 4.0.x–6.0.1, Rhapsody DM 4....
CVE-2016-2986
IBM CVE-2016-2986 affects IBM Jazz-based products in CLM/RQM/RTC/RDNG/RELM/Rhapsody DM (versions 6.0.x prior to fixed 6.0.1 iFix6). The vulnerability is an XSS that lets remote authenticated users inject arbitrary JavaScript/HTML via unspecified vectors, potentially impacting credentials in a tru...
CVE-2018-1558
CVE-2018-1558 describes cross-site scripting in IBM Rational CLM and related Jazz-based products. Affected products include CLM, RDNG, RELM, RTC, RQM, Rhapsody DM, and RSA DM across 5.x and 6.x (up to 6.0.6). The vulnerability arises from a Web UI XSS flaw that can lead to credential disclosure w...
CVE-2020-4522
IBM Jazz Team Server based Applications are affected by a cross-site scripting vulnerability (CVE-2020-4522) in the Web UI, potentially enabling an attacker to inject arbitrary JavaScript and cause credentials disclosure within a trusted session. Affected products include IBM Engineering DOORS Ne...
CVE-2021-20520
CVE-2021-20520 is an IBM Jazz Foundation cross-site scripting (XSS) vulnerability affecting IBM Jazz Team Server based applications. The issue allows an attacker to inject arbitrary JavaScript into the Web UI, potentially exposing credentials within a trusted session. Affected products/versions i...
CVE-2021-29701
CVE-2021-29701 affects IBM Engineering Workflow Management (EWM) versions 7.0, 7.0.1, 7.0.2 and IBM Rational Team Concert (RTC) 6.0.6 and 6.0.6.1. The vulnerability allows an authenticated attacker to obtain sensitive information from build definitions, enabling potential follow-on attacks. Root ...
CVE-2015-4962
CVE-2015-4962 affects IBM Jazz-based CLM ecosystem (including CLM, RTC, RQM, RRC, RDNG, RELM, Rhapsody DM, RSA DM, etc.). The root cause is weak permissions on unspecified project areas, allowing remote authenticated users to obtain sensitive information via unknown vectors. Impact is information...
CVE-2017-1365
IBM Team Concert (RTC) and IBM Rational CLM are affected by a cross-site scripting vulnerability in the Web UI that can allow an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. The CVE entry covers IBM Rational CLM/RRC components including CL...
CVE-2018-1760
Affected software: IBM Rational CLM suite (including CLM, RQM, RTC, DOORS Next Gen, RSM, RSA DM) running 6.0 – 6.0.6.1. Vulnerability: Cross-site scripting in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Root cause ...
CVE-2018-1952
IBM Jazz Foundation’s RELM (IBM Rational Engineering Lifecycle Manager) 5.0–6.0.6 is affected by a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The issue is docu...
CVE-2020-4856
CVE-2020-4856 is a stored cross-site scripting vulnerability in IBM Engineering products, notably IBM Engineering DOORS Next (and related ELN/LRM/RQM/EWM/RTC families). The Web UI can embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a tru...
CVE-2020-4989
CVE-2020-4989 affects IBM Engineering Workflow Management (EWM) 7.0, 7.0.1, 7.0.2 and IBM Rational Team Concert (RTC) 6.0.6 and 6.0.0.1. Affected component is the build-definition access that an authenticated user can disclosure sensitive information about build definitions due to a vulnerability...
CVE-2021-20351
CVE-2021-20351 describes a cross-site scripting vulnerability in IBM Engineering products, allowing attackers to inject arbitrary JavaScript via the Web UI and potentially disclose credentials within a trusted session. The issue affects multiple IBM Engineering products in the Engineering Lifecyc...
CVE-2016-0284
The CVE-2016-0284 entry relates to an XML External Entity (XXE) vulnerability in the XML parser used by IBM Jazz-based CLM products. Affected products include Rational Collaborative Lifecycle Management (across 3.0.1.6 up to 6.0.2), Rational Quality Manager, Rational Team Concert, Rational DOORS ...
CVE-2019-4084
IBM Jazz Foundation (CLM) vulnerability CVE-2019-4084 affects Rational CLM products version 6.0 to 6.0.6.1. An authenticated user could obtain sensitive information from CLM Applications, as described in multiple sources (NVD/NVD-derived entries, CNVD, and IBM bulletin). The issue is categorized ...
CVE-2019-4250
CVE-2019-4250 is an XSS vulnerability in IBM Jazz Foundation products (IBM Rational CLM 6.0–6.0.6.1) affecting the Web UI and potentially enabling credentials disclosure within a trusted session. Root cause: cross-site scripting due to improper input handling in the Web UI. Affected products span...
CVE-2021-20352
Summary (CVE-2021-20352) : IBM Jazz Foundation products are vulnerable to cross-site scripting that can let an attacker embed arbitrary JavaScript in the Web UI, potentially disclosing credentials within a trusted session. The vulnerability affects multiple IBM Jazz-related products/versions, inc...
CVE-2021-20504
CVE-2021-20504 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. Affected products/versions include IBM Engineering Workflow Management (EWM) 7.0, 7.0.1, 7.0.2; IBM Engineering Lifecycle Opt...
CVE-2015-4946
CVE-2015-4946 affects IBM CLM/Jazz-based products (RCLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) and related Jazz Team Server components. The issue allows an authenticated user to bypass access restrictions and perform unauthorized actions due to a design/logic flaw in IBM Rational LifeCy...
CVE-2016-0372
CVE-2016-0372 affects IBM Jazz-based CLM/RTC/RQM and related products. The vulnerability stems from not setting the secure flag on the session cookie in SSL mode, allowing a remote attacker to capture the cookie over HTTP. Impact is cookie exposure, not full remote code execution. Affected versio...
CVE-2016-2987
CVE-2016-2987 is an IBM CLM family information-disclosure issue described as an undisclosed vulnerability that could cause some administrative deployment parameters to be shown to an attacker. Connected IBM bulletin confirms affected products (CLM, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM) and p...
CVE-2016-9973
IBM Security Bulletin AFBE46D8 confirms CVE-2016-9973 as a Cross-Site Scripting flaw in IBM Jazz Foundation/Web UI affecting IBM Jazz Team Server and multiple Rational products in CLM/RQM/RDNG/RTP families. The vulnerability arises in the Jazz Foundation component and could let an attacker inject...
CVE-2017-1240
CVE-2017-1240 affects IBM Rational Rhapsody Design Manager (RDM) within IBM CLM family. Affected versions: RDM 4.0–4.0.7, 5.0–5.0.2, and 6.0–6.0.4. Description in connected sources shows an information-disclosure flaw where sensitive data could be exposed via HTTP 500 Internal Server Error respon...
CVE-2017-1251
CVE-2017-1251 describes an undisclosed vulnerability in IBM CLM applications that may cause some administrative deployment parameters to be exposed to an attacker. IBM IBM Jazz/CLM family products (RTC, RQM, RRC, and related CLM components such as RDNG, RELM, Rhapsody Design Manager, RSA DM, etc....
CVE-2017-1700
The CVE-2017-1700 issue involves IBM Jazz Team Server and associated Rational products (CLM, RDNG, RELM, RTC, RQM, Rhapsody Design Manager, RSA DM). Description from IBM security bulletin: an authenticated user may cause a denial of service due to incorrect authorization in resource-intensive sce...
CVE-2017-1725
CVE-2017-1725 is an undisclosed information-disclosure vulnerability affecting IBM Jazz Team Server and multiple IBM Rational products based on Jazz technology (including CLM, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM). The IBM security bulletin consolidates affected versions across CLM/RQM/RTC/R...