National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ibm:rational_collaborative_lifecycle_management:5.0
There are 65 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2017-1365

IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858.

Published: December 27, 2017; 11:29:14 AM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2017-1191

An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.

Published: December 27, 2017; 11:29:13 AM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-1507

IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.

Published: December 11, 2017; 04:29:00 PM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-1570

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.

Published: November 27, 2017; 04:29:00 PM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-1251

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.

Published: November 27, 2017; 04:29:00 PM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-1240

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.

Published: November 27, 2017; 04:29:00 PM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2016-6024

IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.

Published: November 27, 2017; 04:29:00 PM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-1363

IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856.

Published: October 25, 2017; 08:29:00 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2017-1295

IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157.

Published: October 25, 2017; 08:29:00 AM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-1241

An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523.

Published: October 25, 2017; 08:29:00 AM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-1169

IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188.

Published: October 25, 2017; 08:29:00 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2017-1164

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036.

Published: October 25, 2017; 08:29:00 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2016-9700

IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.

Published: July 05, 2017; 02:29:00 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2016-9746

IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821.

Published: July 05, 2017; 01:29:00 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2016-9733

IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762.

Published: July 05, 2017; 01:29:00 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2016-9701

IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529.

Published: July 05, 2017; 01:29:00 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2017-1099

IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.

Published: June 13, 2017; 03:29:00 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2016-9973

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.

Published: June 13, 2017; 03:29:00 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2016-9735

IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,

Published: May 15, 2017; 05:29:00 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2016-9707

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.

Published: March 31, 2017; 02:59:00 PM -04:00
V3: 8.1 HIGH
V2: 7.5 HIGH