Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:rational_quality_manager:3.0.1.6
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-6144 |
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Published: March 12, 2015; 9:59:18 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-4801 |
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Published: December 18, 2014; 9:59:00 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-3092 |
IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. Published: September 11, 2014; 9:55:06 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-5404 |
Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element. Published: December 10, 2013; 2:55:07 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |