Lucene search

K
IbmRational Team Concert

146 matches found

CVE
CVE
added 2019/06/27 2:15 p.m.44 views

CVE-2018-1760

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score0.00208EPSS
CVE
CVE
added 2019/06/27 2:15 p.m.44 views

CVE-2018-1826

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score0.00208EPSS
CVE
CVE
added 2019/03/14 11:0 p.m.44 views

CVE-2018-1952

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...

5.4CVSS5.1AI score0.00229EPSS
CVE
CVE
added 2019/06/27 2:15 p.m.44 views

CVE-2019-4252

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.

7.5CVSS7.2AI score0.00612EPSS
CVE
CVE
added 2020/09/02 7:15 p.m.44 views

CVE-2020-4445

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.

5.4CVSS5.2AI score0.00236EPSS
CVE
CVE
added 2021/10/27 4:15 p.m.44 views

CVE-2021-29673

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.

5.4CVSS5.6AI score0.00215EPSS
CVE
CVE
added 2021/10/27 4:15 p.m.44 views

CVE-2021-29774

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.

7.5CVSS7.5AI score0.00269EPSS
CVE
CVE
added 2024/10/22 3:15 p.m.44 views

CVE-2024-43177

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

9.8CVSS6AI score0.00068EPSS
CVE
CVE
added 2018/01/16 7:29 p.m.43 views

CVE-2016-0219

XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693.

6.5CVSS5.9AI score0.00395EPSS
CVE
CVE
added 2016/11/25 3:59 a.m.43 views

CVE-2016-2947

IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18...

4CVSS3.2AI score0.00178EPSS
CVE
CVE
added 2017/12/27 4:29 p.m.43 views

CVE-2017-1191

An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.

4.3CVSS4.6AI score0.0013EPSS
CVE
CVE
added 2019/03/14 10:29 p.m.43 views

CVE-2018-1688

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

5.4CVSS5.1AI score0.00229EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.43 views

CVE-2020-4857

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460.

6.4CVSS5.4AI score0.00174EPSS
CVE
CVE
added 2021/07/19 4:15 p.m.43 views

CVE-2020-5031

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS5.2AI score0.00223EPSS
CVE
CVE
added 2021/03/30 5:15 p.m.43 views

CVE-2021-20502

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.

7.1CVSS7.2AI score0.00274EPSS
CVE
CVE
added 2021/03/30 5:15 p.m.43 views

CVE-2021-20503

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182.

5.4CVSS5.5AI score0.00158EPSS
CVE
CVE
added 2018/03/15 10:29 p.m.42 views

CVE-2015-7440

IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 ...

7.8CVSS7.3AI score0.00049EPSS
CVE
CVE
added 2017/05/10 2:29 p.m.42 views

CVE-2017-1103

IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665.

8.1CVSS8AI score0.00378EPSS
CVE
CVE
added 2018/01/26 9:29 p.m.42 views

CVE-2017-1653

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.1AI score0.00574EPSS
CVE
CVE
added 2018/08/20 9:29 p.m.42 views

CVE-2017-1753

Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.

5.4CVSS5.5AI score0.00078EPSS
CVE
CVE
added 2018/08/20 9:29 p.m.42 views

CVE-2018-1394

Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.

5.4CVSS5.2AI score0.00105EPSS
CVE
CVE
added 2018/10/02 3:29 p.m.42 views

CVE-2018-1558

IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

5.4CVSS5.1AI score0.00158EPSS
CVE
CVE
added 2024/09/13 2:15 a.m.42 views

CVE-2024-43180

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can the...

4.3CVSS4.3AI score0.00037EPSS
CVE
CVE
added 2018/03/23 7:29 p.m.41 views

CVE-2017-1524

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970.

4.3CVSS4.3AI score0.00264EPSS
CVE
CVE
added 2018/03/23 7:29 p.m.41 views

CVE-2017-1602

IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625.

4.3CVSS4.5AI score0.00165EPSS
CVE
CVE
added 2018/03/23 7:29 p.m.41 views

CVE-2017-1655

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...

5.4CVSS5.2AI score0.00216EPSS
CVE
CVE
added 2018/11/06 4:29 p.m.41 views

CVE-2018-1694

IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5...

5.9CVSS5.4AI score0.00266EPSS
CVE
CVE
added 2019/06/27 2:15 p.m.41 views

CVE-2018-1893

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score0.00208EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.41 views

CVE-2020-4866

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742.

5.4CVSS5.5AI score0.00208EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.41 views

CVE-2021-20340

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451.

5.4CVSS5.5AI score0.00208EPSS
CVE
CVE
added 2021/04/12 6:15 p.m.41 views

CVE-2021-20519

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.

5.4CVSS5.6AI score0.00157EPSS
CVE
CVE
added 2021/10/27 4:15 p.m.41 views

CVE-2021-29844

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

8.8CVSS8.7AI score0.00128EPSS
CVE
CVE
added 2016/09/12 10:59 a.m.40 views

CVE-2016-0331

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS4.9AI score0.00199EPSS
CVE
CVE
added 2016/11/25 3:59 a.m.40 views

CVE-2016-2986

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Ma...

5.4CVSS4.9AI score0.00168EPSS
CVE
CVE
added 2017/07/05 5:29 p.m.40 views

CVE-2016-9701

IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529.

5.4CVSS5.2AI score0.00272EPSS
CVE
CVE
added 2018/04/24 2:29 p.m.40 views

CVE-2017-1734

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody...

4.3CVSS4.5AI score0.0021EPSS
CVE
CVE
added 2019/03/14 11:0 p.m.40 views

CVE-2018-1982

IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154135...

5.4CVSS5.2AI score0.00229EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.40 views

CVE-2020-4856

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459.

6.4CVSS5.4AI score0.0025EPSS
CVE
CVE
added 2021/04/12 6:15 p.m.40 views

CVE-2020-4965

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.

7.5CVSS7.6AI score0.00111EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.40 views

CVE-2021-20350

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707.

5.4CVSS5.5AI score0.00208EPSS
CVE
CVE
added 2021/10/27 4:15 p.m.40 views

CVE-2021-29786

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.

6.5CVSS6.6AI score0.00087EPSS
CVE
CVE
added 2024/10/22 3:15 p.m.40 views

CVE-2024-43173

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

3.7CVSS4.1AI score0.00056EPSS
CVE
CVE
added 2018/03/15 10:29 p.m.39 views

CVE-2015-7471

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4....

4.8CVSS4.9AI score0.00132EPSS
CVE
CVE
added 2016/11/24 7:59 p.m.39 views

CVE-2016-0285

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 be...

5.4CVSS5.1AI score0.00168EPSS
CVE
CVE
added 2018/07/10 4:29 p.m.39 views

CVE-2018-1423

IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.

6.5CVSS6.1AI score0.00186EPSS
CVE
CVE
added 2018/07/10 4:29 p.m.39 views

CVE-2018-1492

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.

6.8CVSS6.3AI score0.00051EPSS
CVE
CVE
added 2018/11/29 5:0 p.m.39 views

CVE-2018-1762

IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit...

5.4CVSS5.1AI score0.00229EPSS
CVE
CVE
added 2019/06/27 2:15 p.m.39 views

CVE-2018-1828

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score0.00208EPSS
CVE
CVE
added 2019/06/27 2:15 p.m.39 views

CVE-2018-1892

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score0.00208EPSS
CVE
CVE
added 2020/07/16 3:15 p.m.39 views

CVE-2019-4747

IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887.

5.4CVSS5.3AI score0.00179EPSS
Total number of security vulnerabilities146