IBM Rational Software Architect Design Manager
34 CVEs affecting IBM Rational Software Architect Design Manager. Latest disclosed: 2017-12-27. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-9707 | High | 8.1 | 2017-03-31 | IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker co… |
| CVE-2015-1928 | Medium | 6.8 | 2016-01-02 | Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x befor… |
| CVE-2017-1365 | Medium | 5.4 | 2017-12-27 | IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) is vulnerable to cross-site scripting. This vulnerability a… |
| CVE-2017-1245 | Medium | 5.4 | 2017-07-24 | IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript… |
| CVE-2016-9973 | Medium | 5.4 | 2017-06-13 | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the i… |
| CVE-2016-3014 | Medium | 5.4 | 2016-11-30 | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quali… |
| CVE-2016-2926 | Medium | 5.4 | 2016-11-25 | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6… |
| CVE-2016-2864 | Medium | 5.4 | 2016-11-24 | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFi… |
| CVE-2016-0284 | Medium | 5.4 | 2016-11-24 | The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2… |
| CVE-2016-0273 | Medium | 5.4 | 2016-11-24 | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFi… |
| CVE-2017-1191 | Medium | 4.3 | 2017-12-27 | An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to re… |
| CVE-2017-1507 | Medium | 4.3 | 2017-12-11 | IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. |
| CVE-2017-1570 | Medium | 4.3 | 2017-11-27 | IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. |
| CVE-2017-1251 | Medium | 4.3 | 2017-11-27 | An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. |
| CVE-2017-1240 | Medium | 4.3 | 2017-11-27 | IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. |
| CVE-2016-6024 | Medium | 4.3 | 2017-11-27 | IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. |
| CVE-2016-9700 | Medium | 4.3 | 2017-07-05 | IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. |
| CVE-2017-1099 | Medium | 4.3 | 2017-06-13 | IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. |
| CVE-2016-9735 | Medium | 4.3 | 2017-05-15 | IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781. |
| CVE-2016-2987 | Medium | 4.3 | 2017-02-01 | An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. |