Rational Team Concert@4.0.7 Security Vulnerabilities and Issues — Rational Team Concert@4.0.7 CVE List

Lucene search

IbmRational Team Concert4.0.7

39 matches found

CVE•added 2017/06/13 7:29 p.m.•70 views

CVE-2017-1099

IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.

4.3CVSS4.9AI score0.35506EPSS

CVE•added 2017/11/27 9:29 p.m.•57 views

CVE-2016-6024

IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.

4.3CVSS5.1AI score0.0013EPSS

CVE•added 2016/11/24 7:59 p.m.•54 views

CVE-2016-0273

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 be...

5.4CVSS5.1AI score0.00168EPSS

CVE•added 2016/01/02 9:59 p.m.•49 views

CVE-2015-1928

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; R...

6.8CVSS6.1AI score0.00303EPSS

CVE•added 2017/12/11 9:29 p.m.•49 views

CVE-2017-1507

IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.

4.3CVSS4.1AI score0.0013EPSS

CVE•added 2016/01/03 5:59 a.m.•48 views

CVE-2015-4962

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Te...

3.5CVSS3.5AI score0.00073EPSS

CVE•added 2017/02/01 8:59 p.m.•48 views

CVE-2016-2987

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.

4.3CVSS4.8AI score0.00179EPSS

CVE•added 2016/01/03 5:59 a.m.•47 views

CVE-2015-4946

Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x...

3.3CVSS3.8AI score0.00054EPSS

CVE•added 2016/11/24 7:59 p.m.•47 views

CVE-2016-0284

The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational...

5.5CVSS5.5AI score0.00334EPSS

CVE•added 2017/06/13 7:29 p.m.•47 views

CVE-2016-9973

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.

5.4CVSS5.2AI score0.00255EPSS

CVE•added 2017/11/27 9:29 p.m.•47 views

CVE-2017-1240

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.

4.3CVSS4.2AI score0.00177EPSS

CVE•added 2016/11/24 7:59 p.m.•46 views

CVE-2016-0372

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0....

4.3CVSS4.5AI score0.00263EPSS

CVE•added 2016/11/30 11:59 a.m.•46 views

CVE-2016-3014

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, R...

5.4CVSS4.9AI score0.00684EPSS

CVE•added 2017/11/27 9:29 p.m.•46 views

CVE-2017-1251

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.

4.3CVSS4.4AI score0.0013EPSS

CVE•added 2017/11/27 9:29 p.m.•46 views

CVE-2017-1570

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.

4.3CVSS4.1AI score0.00178EPSS

CVE•added 2017/03/31 6:59 p.m.•45 views

CVE-2016-9707

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.

8.1CVSS8.1AI score0.00359EPSS

CVE•added 2018/01/16 7:29 p.m.•43 views

CVE-2016-0219

XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693.

6.5CVSS5.9AI score0.00395EPSS

CVE•added 2016/11/25 3:59 a.m.•43 views

CVE-2016-2947

IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18...

4CVSS3.2AI score0.00178EPSS

CVE•added 2017/05/10 2:29 p.m.•42 views

CVE-2017-1103

IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665.

8.1CVSS8AI score0.00378EPSS

CVE•added 2017/07/05 5:29 p.m.•40 views

CVE-2016-9701

IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529.

5.4CVSS5.2AI score0.00272EPSS

CVE•added 2016/11/24 7:59 p.m.•39 views

CVE-2016-0285

5.4CVSS5.1AI score0.00168EPSS

CVE•added 2015/04/27 11:59 a.m.•38 views

CVE-2015-0113

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generatio...

5CVSS6.7AI score0.00225EPSS

CVE•added 2016/01/03 12:59 a.m.•37 views

CVE-2015-1971

Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational ...

4.3CVSS4.5AI score0.00249EPSS

CVE•added 2016/11/24 7:59 p.m.•37 views

CVE-2016-2864

5.4CVSS5.1AI score0.00168EPSS

CVE•added 2017/05/10 2:29 p.m.•37 views

CVE-2016-6037

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting...

4.8CVSS5.8AI score0.00152EPSS

CVE•added 2017/07/05 5:29 p.m.•36 views

CVE-2017-1113

IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1...

5.4CVSS5.2AI score0.00272EPSS

CVE•added 2015/03/18 10:59 a.m.•35 views

CVE-2014-6131

IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x bef...

4CVSS6.2AI score0.00158EPSS

CVE•added 2015/07/20 1:59 a.m.•35 views

CVE-2015-0130

Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x befor...

3.5CVSS5.2AI score0.00166EPSS

CVE•added 2016/11/24 7:59 p.m.•35 views

CVE-2016-0325

7.5CVSS6.4AI score0.0047EPSS

CVE•added 2015/03/18 10:59 a.m.•34 views

CVE-2014-6129

5.5CVSS6.3AI score0.00348EPSS

CVE•added 2017/07/05 5:29 p.m.•34 views

CVE-2016-9733

IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762.

5.4CVSS5.2AI score0.00272EPSS

CVE•added 2017/07/05 5:29 p.m.•34 views

CVE-2016-9746

5.4CVSS5.2AI score0.00272EPSS

CVE•added 2015/06/07 6:59 p.m.•33 views

CVE-2015-0112

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 throug...

4CVSS6.3AI score0.00206EPSS

CVE•added 2016/11/25 8:59 p.m.•33 views

CVE-2016-2926

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 ...

5.4CVSS4.9AI score0.00541EPSS

CVE•added 2017/07/05 6:29 p.m.•32 views

CVE-2016-9700

IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.

4.3CVSS4.1AI score0.00177EPSS

CVE•added 2015/03/13 1:59 a.m.•31 views

CVE-2015-0122

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0123.

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2015/03/13 1:59 a.m.•31 views

CVE-2015-0123

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2017/05/10 2:29 p.m.•29 views

CVE-2016-6035

IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896.

5.4CVSS5.5AI score0.00258EPSS

CVE•added 2017/05/15 9:29 p.m.•29 views

CVE-2016-9735

IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,

4.3CVSS4.1AI score0.00204EPSS