Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Rational_engineering_lifecycle_manager
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 141 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-28 | CVE-2020-5004 | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957. | Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_requirements_quality_assistant_on\-Premises, Engineering_test_management, Engineering_workflow_management, Rational_collaborative_lifecycle_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Rational_team_concert | 5.4 | ||
| 2021-10-27 | CVE-2021-29673 | IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482. | Engineering_lifecycle_optimization, Engineering_workflow_management, Rational_collaborative_lifecycle_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_team_concert | 5.4 | ||
| 2021-10-27 | CVE-2021-29713 | IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Engineering_lifecycle_optimization, Rational_collaborative_lifecycle_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_team_concert | 5.4 | ||
| 2021-10-27 | CVE-2021-29774 | IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. | Engineering_lifecycle_optimization, Engineering_workflow_management, Rational_collaborative_lifecycle_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_team_concert | 7.5 | ||
| 2021-10-27 | CVE-2021-29786 | IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172. | Engineering_lifecycle_optimization, Engineering_workflow_management, Rational_collaborative_lifecycle_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_team_concert | 6.5 | ||
| 2021-10-27 | CVE-2021-29844 | IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | Engineering_lifecycle_optimization, Engineering_requirements_quality_assistant_on\-Premises, Engineering_workflow_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_rhapsody_design_manager, Rational_team_concert | 8.8 | ||
| 2019-06-27 | CVE-2019-4250 | IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648. | Rational_collaborative_lifecycle_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Rational_rhapsody_design_manager, Rational_software_architect_design_manager, Rational_team_concert | 5.4 | ||
| 2019-06-27 | CVE-2019-4252 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883. | Rational_collaborative_lifecycle_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Rational_rhapsody_design_manager, Rational_software_architect_design_manager, Rational_team_concert | 7.5 | ||
| 2019-06-27 | CVE-2018-1734 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838. | Rational_collaborative_lifecycle_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Rational_rhapsody_design_manager, Rational_software_architect_design_manager, Rational_team_concert, Rhapsody_model_manager | 4.3 | ||
| 2019-06-27 | CVE-2018-1758 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605. | Rational_collaborative_lifecycle_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Rational_rhapsody_design_manager, Rational_software_architect_design_manager, Rational_team_concert, Rhapsody_model_manager | 5.4 |