Vulnerabilites related to ibm - rational_collaborative_lifecycle_management
CVE-2014-6129 (GCVE-0-2014-6129)
Vulnerability from cvelistv5
Published
2015-03-18 10:00
Modified
2024-08-06 12:10
Severity ?
CWE
  • n/a
Summary
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:10:11.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-18T07:57:00",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6129",
    "datePublished": "2015-03-18T10:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:10:11.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1892 (GCVE-0-2018-1892)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-16 22:50
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.688Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-rqm-cve20181892-xss (152156)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152156"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/C:L/I:L/S:C/AC:L/A:N/UI:R/AV:N/PR:L/RL:O/RC:C/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-rqm-cve20181892-xss (152156)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152156"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2018-1892",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-rqm-cve20181892-xss (152156)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152156"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1892",
    "datePublished": "2019-06-27T13:45:29.670935Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T22:50:38.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1629 (GCVE-0-2017-1629)
Vulnerability from cvelistv5
Published
2018-03-23 19:00
Modified
2024-09-17 01:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103477"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133127"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-03-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-24T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "103477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103477"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133127"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-03-20T00:00:00",
          "ID": "CVE-2017-1629",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103477"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22014815",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133127",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133127"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1629",
    "datePublished": "2018-03-23T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T01:46:44.330Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1690 (GCVE-0-2017-1690)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 02:05
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134065.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171690-xss(134065)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134065"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134065."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171690-xss(134065)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134065"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1690",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134065."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171690-xss(134065)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134065"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1690",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T02:05:35.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-6131 (GCVE-0-2014-6131)
Vulnerability from cvelistv5
Published
2015-03-18 10:00
Modified
2024-08-06 12:10
Severity ?
CWE
  • n/a
Summary
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:10:12.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-18T07:57:00",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6131",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6131",
    "datePublished": "2015-03-18T10:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:10:12.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1099 (GCVE-0-2017-1099)
Vulnerability from cvelistv5
Published
2017-06-13 19:00
Modified
2024-08-05 13:25
Severity ?
CWE
  • Obtain Information
Summary
IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.178Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22004534"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120659"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T18:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22004534"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120659"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1099",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22004534",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22004534"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120659",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120659"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1099",
    "datePublished": "2017-06-13T19:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:25:17.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3014 (GCVE-0-2016-3014)
Vulnerability from cvelistv5
Published
2016-11-30 11:00
Modified
2024-08-05 23:40
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
http://www.securitytracker.com/id/1037026 vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/93515 vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037025 vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1037028 vdb-entry, x_refsource_SECTRACK
http://www-01.ibm.com/support/docview.wss?uid=swg21992151 x_refsource_CONFIRM
http://www.securitytracker.com/id/1037027 vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:14.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037026",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037026"
          },
          {
            "name": "93515",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93515"
          },
          {
            "name": "1037025",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037025"
          },
          {
            "name": "1037028",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037028"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992151"
          },
          {
            "name": "1037027",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037027"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1037026",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037026"
        },
        {
          "name": "93515",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93515"
        },
        {
          "name": "1037025",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037025"
        },
        {
          "name": "1037028",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037028"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992151"
        },
        {
          "name": "1037027",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037027"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-3014",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037026",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037026"
            },
            {
              "name": "93515",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93515"
            },
            {
              "name": "1037025",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037025"
            },
            {
              "name": "1037028",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037028"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21992151",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992151"
            },
            {
              "name": "1037027",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037027"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-3014",
    "datePublished": "2016-11-30T11:00:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:14.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1762 (GCVE-0-2017-1762)
Vulnerability from cvelistv5
Published
2018-03-23 19:00
Modified
2024-09-16 23:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136006"
          },
          {
            "name": "103477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103477"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-03-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-24T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136006"
        },
        {
          "name": "103477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103477"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-03-20T00:00:00",
          "ID": "CVE-2017-1762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136006",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136006"
            },
            {
              "name": "103477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103477"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22014815",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1762",
    "datePublished": "2018-03-23T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T23:00:53.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29713 (GCVE-0-2021-29713)
Vulnerability from cvelistv5
Published
2021-10-27 16:00
Modified
2024-09-16 16:32
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:18:02.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6508583"
          },
          {
            "name": "ibm-jazz-cve202129713-xss (200967)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200967"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2021-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/C:L/I:L/S:C/PR:L/AV:N/UI:R/AC:L/A:N/E:H/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T16:00:26",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6508583"
        },
        {
          "name": "ibm-jazz-cve202129713-xss (200967)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200967"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-10-25T00:00:00",
          "ID": "CVE-2021-29713",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6508583",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6508583"
            },
            {
              "name": "ibm-jazz-cve202129713-xss (200967)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200967"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29713",
    "datePublished": "2021-10-27T16:00:26.464499Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-16T16:32:30.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1828 (GCVE-0-2018-1828)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-17 00:31
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-rqm-cve20181828-xss (150431)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150431"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/AV:N/PR:L/I:L/S:C/C:L/AC:L/A:N/RL:O/E:U/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-rqm-cve20181828-xss (150431)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150431"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2018-1828",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-rqm-cve20181828-xss (150431)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150431"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1828",
    "datePublished": "2019-06-27T13:45:29.629889Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T00:31:41.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4252 (GCVE-0-2019-4252)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-16 18:23
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-rtc-cve20194252-info-disc (159883)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159883"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/S:U/I:N/C:H/PR:L/AV:N/UI:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-rtc-cve20194252-info-disc (159883)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159883"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2019-4252",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-rtc-cve20194252-info-disc (159883)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159883"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4252",
    "datePublished": "2019-06-27T13:45:29.960679Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T18:23:47.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29786 (GCVE-0-2021-29786)
Vulnerability from cvelistv5
Published
2021-10-27 16:00
Modified
2024-09-16 19:31
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.
References
Impacted products
Vendor Product Version
IBM Engineering Lifecycle Optimization Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:18:02.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6508583"
          },
          {
            "name": "ibm-jazz-cve202129786-info-disc (203172)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2021-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:H/I:N/S:U/PR:L/AV:N/UI:N/AC:L/A:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T16:00:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6508583"
        },
        {
          "name": "ibm-jazz-cve202129786-info-disc (203172)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-10-25T00:00:00",
          "ID": "CVE-2021-29786",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6508583",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6508583"
            },
            {
              "name": "ibm-jazz-cve202129786-info-disc (203172)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29786",
    "datePublished": "2021-10-27T16:00:29.665687Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-16T19:31:21.815Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9701 (GCVE-0-2016-9701)
Vulnerability from cvelistv5
Published
2017-07-05 17:00
Modified
2024-09-16 20:03
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 4.0
Version: 4.0.1
Version: 4.0.0.1
Version: 4.0.0.2
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119529"
          },
          {
            "name": "99352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99352"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
          },
          {
            "name": "1038912",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-25T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119529"
        },
        {
          "name": "99352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99352"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
        },
        {
          "name": "1038912",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038912"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-06-30T00:00:00",
          "ID": "CVE-2016-9701",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.0.1"
                          },
                          {
                            "version_value": "4.0.0.2"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119529",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119529"
            },
            {
              "name": "99352",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99352"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22004611",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
            },
            {
              "name": "1038912",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038912"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-9701",
    "datePublished": "2017-07-05T17:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-16T20:03:46.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9746 (GCVE-0-2016-9746)
Vulnerability from cvelistv5
Published
2017-07-05 17:00
Modified
2024-09-17 02:57
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 4.0
Version: 4.0.1
Version: 4.0.0.1
Version: 4.0.0.2
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119821"
          },
          {
            "name": "99352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99352"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
          },
          {
            "name": "1038912",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-25T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119821"
        },
        {
          "name": "99352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99352"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
        },
        {
          "name": "1038912",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038912"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-06-30T00:00:00",
          "ID": "CVE-2016-9746",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.0.1"
                          },
                          {
                            "version_value": "4.0.0.2"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119821",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119821"
            },
            {
              "name": "99352",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99352"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22004611",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
            },
            {
              "name": "1038912",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038912"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-9746",
    "datePublished": "2017-07-05T17:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-17T02:57:21.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1827 (GCVE-0-2018-1827)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-17 01:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-rqm-cve20181827-xss (150430)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150430"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/PR:L/AV:N/UI:R/A:N/AC:L/I:L/S:C/C:L/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-rqm-cve20181827-xss (150430)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150430"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2018-1827",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-rqm-cve20181827-xss (150430)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150430"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1827",
    "datePublished": "2019-06-27T13:45:29.587288Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T01:00:37.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1316 (GCVE-0-2017-1316)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 00:05
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125728.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:28.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171316-xss(125728)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125728"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125728."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171316-xss(125728)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125728"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125728."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171316-xss(125728)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125728"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1316",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T00:05:59.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1717 (GCVE-0-2017-1717)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 00:36
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171717-xss(134796)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134796"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171717-xss(134796)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134796"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1717",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171717-xss(134796)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134796"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1717",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T00:36:01.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7471 (GCVE-0-2015-7471)
Vulnerability from cvelistv5
Published
2018-03-15 22:00
Modified
2024-08-06 07:51
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
          },
          {
            "name": "ibm-rtc-cve20157471-html-injection(108429)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108429"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-15T21:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
        },
        {
          "name": "ibm-rtc-cve20157471-html-injection(108429)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108429"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
            },
            {
              "name": "ibm-rtc-cve20157471-html-injection(108429)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108429"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7471",
    "datePublished": "2018-03-15T22:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9735 (GCVE-0-2016-9735)
Vulnerability from cvelistv5
Published
2017-05-15 21:00
Modified
2024-08-06 02:59
Severity ?
CWE
  • Obtain Information
Summary
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,
References
Impacted products
Vendor Product Version
IBM Corporation Rational Collaborative Lifecycle Management Version: 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 5.0, 4.0.7, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22003064"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 5.0, 4.0.7, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-15T20:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22003064"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-9735",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 5.0, 4.0.7, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22003064",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22003064"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-9735",
    "datePublished": "2017-05-15T21:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-06T02:59:03.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1248 (GCVE-0-2017-1248)
Vulnerability from cvelistv5
Published
2018-07-06 14:00
Modified
2024-09-16 20:01
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Gain Access
Summary
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171248-html-injection(124628)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124628"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        }
      ],
      "datePublic": "2018-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 124628."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171248-html-injection(124628)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124628"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-07-03T00:00:00",
          "ID": "CVE-2017-1248",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 124628."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171248-html-injection(124628)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124628"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716201",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1248",
    "datePublished": "2018-07-06T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T20:01:50.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0219 (GCVE-0-2016-0219)
Vulnerability from cvelistv5
Published
2018-01-16 19:00
Modified
2024-08-05 22:08
Severity ?
CWE
  • n/a
Summary
XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:08:13.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rtc-cve20160219-dos(109693)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/109693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983720"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-16T18:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rtc-cve20160219-dos(109693)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/109693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983720"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0219",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rtc-cve20160219-dos(109693)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/109693"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983720",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983720"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0219",
    "datePublished": "2018-01-16T19:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:08:13.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9707 (GCVE-0-2016-9707)
Vulnerability from cvelistv5
Published
2017-03-31 18:00
Modified
2024-08-06 02:59
Severity ?
CWE
  • Obtain Information
Summary
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.
References
Impacted products
Vendor Product Version
IBM Corporation Rational Collaborative Lifecycle Management Version: 3.0.1
Version: 4.0
Version: 3.0.1.6
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=swg22000784"
          },
          {
            "name": "97171",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97171"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "3.0.1.6"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-03T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=swg22000784"
        },
        {
          "name": "97171",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97171"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-9707",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.1"
                          },
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "3.0.1.6"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=swg22000784",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=swg22000784"
            },
            {
              "name": "97171",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97171"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-9707",
    "datePublished": "2017-03-31T18:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-06T02:59:03.414Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1191 (GCVE-0-2017-1191)
Vulnerability from cvelistv5
Published
2017-12-27 16:00
Modified
2024-09-16 19:36
Severity ?
CWE
  • Obtain Information
Summary
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22011815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123661"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2017-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-27T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22011815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123661"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-12-18T00:00:00",
          "ID": "CVE-2017-1191",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22011815",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22011815"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123661",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123661"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1191",
    "datePublished": "2017-12-27T16:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:36:39.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-1971 (GCVE-0-2015-1971)
Vulnerability from cvelistv5
Published
2016-01-03 00:00
Modified
2024-08-06 05:02
Severity ?
CWE
  • n/a
Summary
Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0; and Rational Software Architect Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote attackers to cause a denial of service via unknown vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:42.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971164"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0; and Rational Software Architect Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote attackers to cause a denial of service via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-02T23:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971164"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1971",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0; and Rational Software Architect Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote attackers to cause a denial of service via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971164",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971164"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-1971",
    "datePublished": "2016-01-03T00:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T05:02:42.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-5004 (GCVE-0-2020-5004)
Vulnerability from cvelistv5
Published
2021-07-28 12:25
Modified
2024-09-16 17:44
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:08.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6475919"
          },
          {
            "name": "ibm-jazz-cve20205004-xss (192957)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/PR:L/AV:N/A:N/UI:R/C:L/AC:L/S:C/I:L/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-28T12:25:12",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6475919"
        },
        {
          "name": "ibm-jazz-cve20205004-xss (192957)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-07-27T00:00:00",
          "ID": "CVE-2020-5004",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6475919",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6475919"
            },
            {
              "name": "ibm-jazz-cve20205004-xss (192957)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-5004",
    "datePublished": "2021-07-28T12:25:13.063011Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T17:44:16.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1694 (GCVE-0-2018-1694)
Vulnerability from cvelistv5
Published
2018-11-06 16:00
Modified
2024-09-17 00:40
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational Software Architect Design Manager Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-jazz-cve20181694-info-disc(145609)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145609"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational Software Architect Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        }
      ],
      "datePublic": "2018-11-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-06T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-jazz-cve20181694-info-disc(145609)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145609"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-11-02T00:00:00",
          "ID": "CVE-2018-1694",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Software Architect Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-jazz-cve20181694-info-disc(145609)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145609"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10738301",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1694",
    "datePublished": "2018-11-06T16:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T00:40:43.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1315 (GCVE-0-2017-1315)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 20:06
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171315-xss(125727)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125727"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171315-xss(125727)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125727"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1315",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171315-xss(125727)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125727"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1315",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T20:06:28.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1565 (GCVE-0-2017-1565)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 22:45
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131765.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.615Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171565-xss(131765)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131765"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131765."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171565-xss(131765)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131765"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1565",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131765."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171565-xss(131765)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131765"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1565",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T22:45:13.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1507 (GCVE-0-2017-1507)
Vulnerability from cvelistv5
Published
2017-12-11 21:00
Modified
2024-08-05 13:32
Severity ?
CWE
  • n/a
Summary
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:30.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22010627"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129619"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-11T20:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22010627"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129619"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22010627",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22010627"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129619",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129619"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1507",
    "datePublished": "2017-12-11T21:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:32:30.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6030 (GCVE-0-2016-6030)
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:15
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor Product Version
IBM Corporation Rational Collaborative Lifecycle Management Version: 3.0.1
Version: 4.0
Version: 3.0.1.6
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95110",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95110"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "3.0.1.6"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-02T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "95110",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95110"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6030",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.1"
                          },
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "3.0.1.6"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95110",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95110"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=swg21996097",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6030",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:15:10.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1488 (GCVE-0-2017-1488)
Vulnerability from cvelistv5
Published
2018-07-06 14:00
Modified
2024-09-16 22:44
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.
References
Impacted products
Vendor Product Version
IBM Rational Engineering Lifecycle Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Software Architect Design Manager Version: 6.0
Version: 6.0.1
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-jazz-cve20171488-info-disc(128627)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128627"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715709"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Software Architect Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.2,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-jazz-cve20171488-info-disc(128627)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128627"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715709"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1488",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Software Architect Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-jazz-cve20171488-info-disc(128627)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128627"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715709",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715709"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1488",
    "datePublished": "2018-07-06T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T22:44:56.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4962 (GCVE-0-2015-4962)
Vulnerability from cvelistv5
Published
2016-01-03 02:00
Modified
2024-08-06 06:32
Severity ?
CWE
  • n/a
Summary
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified project areas, which allows remote authenticated users to obtain sensitive information via unknown vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified project areas, which allows remote authenticated users to obtain sensitive information via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-03T04:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified project areas, which allows remote authenticated users to obtain sensitive information via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4962",
    "datePublished": "2016-01-03T02:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1164 (GCVE-0-2017-1164)
Vulnerability from cvelistv5
Published
2017-10-25 12:00
Modified
2024-08-05 13:25
Severity ?
CWE
  • n/a
Summary
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123036"
          },
          {
            "name": "101586",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101586"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-10-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123036"
        },
        {
          "name": "101586",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101586"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1164",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22009296",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123036",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123036"
            },
            {
              "name": "101586",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101586"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1164",
    "datePublished": "2017-10-25T12:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:25:17.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0130 (GCVE-0-2015-0130)
Vulnerability from cvelistv5
Published
2015-07-20 01:00
Modified
2024-08-06 03:55
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:28.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960407"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-07-20T00:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960407"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0130",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960407",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960407"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0130",
    "datePublished": "2015-07-20T01:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T03:55:28.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1606 (GCVE-0-2018-1606)
Vulnerability from cvelistv5
Published
2018-11-06 16:00
Modified
2024-09-17 00:46
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational Software Architect Design Manager Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301"
          },
          {
            "name": "ibm-jazz-cve20181606-info-disc(143796)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143796"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational Software Architect Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        }
      ],
      "datePublic": "2018-11-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-06T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301"
        },
        {
          "name": "ibm-jazz-cve20181606-info-disc(143796)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143796"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-11-02T00:00:00",
          "ID": "CVE-2018-1606",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Software Architect Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10738301",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301"
            },
            {
              "name": "ibm-jazz-cve20181606-info-disc(143796)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143796"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1606",
    "datePublished": "2018-11-06T16:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T00:46:10.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1621 (GCVE-0-2017-1621)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 19:01
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133088.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.524Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171621-xss(133088)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133088"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133088."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171621-xss(133088)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133088"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1621",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133088."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171621-xss(133088)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133088"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1621",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:01:40.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1715 (GCVE-0-2017-1715)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 18:44
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134637.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171715-xss(134637)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134637"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134637."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171715-xss(134637)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134637"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134637."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171715-xss(134637)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134637"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1715",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T18:44:00.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1313 (GCVE-0-2017-1313)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 19:10
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125724.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171313-xss(125724)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125724"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125724."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171313-xss(125724)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125724"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1313",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125724."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171313-xss(125724)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125724"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1313",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:10:31.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1758 (GCVE-0-2018-1758)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-17 00:11
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-rqm-cve20181758-xss (148605)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148605"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/A:N/I:L/S:C/C:L/AV:N/PR:L/UI:R/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-rqm-cve20181758-xss (148605)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148605"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2018-1758",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-rqm-cve20181758-xss (148605)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148605"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1758",
    "datePublished": "2019-06-27T13:45:29.457874Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T00:11:06.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1983 (GCVE-0-2018-1983)
Vulnerability from cvelistv5
Published
2019-03-14 23:00
Modified
2024-09-17 01:31
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:39.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rtc-cve20181983-xss(154136)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154136"
          },
          {
            "name": "107419",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107419"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875364"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            }
          ]
        }
      ],
      "datePublic": "2019-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-16T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rtc-cve20181983-xss(154136)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154136"
        },
        {
          "name": "107419",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107419"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875364"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-03-08T00:00:00",
          "ID": "CVE-2018-1983",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rtc-cve20181983-xss(154136)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154136"
            },
            {
              "name": "107419",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107419"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875364",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875364"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1983",
    "datePublished": "2019-03-14T23:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T01:31:51.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6032 (GCVE-0-2016-6032)
Vulnerability from cvelistv5
Published
2017-02-08 19:00
Modified
2024-08-06 01:22
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor Product Version
IBM Corporation Rational Collaborative Lifecycle Management Version: 3.0.1
Version: 4.0
Version: 3.0.1.6
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:19.018Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21997104"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "3.0.1.6"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-08T18:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21997104"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6032",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.1"
                          },
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "3.0.1.6"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21997104",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21997104"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6032",
    "datePublished": "2017-02-08T19:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:19.018Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1823 (GCVE-0-2018-1823)
Vulnerability from cvelistv5
Published
2019-03-14 22:00
Modified
2024-09-16 17:43
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150426.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
          },
          {
            "name": "ibm-rqm-cve20181823-xss(150426)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150426"
          },
          {
            "name": "107433",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107433"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            }
          ]
        }
      ],
      "datePublic": "2019-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150426."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-18T06:06:07",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
        },
        {
          "name": "ibm-rqm-cve20181823-xss(150426)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150426"
        },
        {
          "name": "107433",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107433"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-03-08T00:00:00",
          "ID": "CVE-2018-1823",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150426."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875318",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
            },
            {
              "name": "ibm-rqm-cve20181823-xss(150426)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150426"
            },
            {
              "name": "107433",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107433"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1823",
    "datePublished": "2019-03-14T22:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T17:43:20.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7449 (GCVE-0-2015-7449)
Vulnerability from cvelistv5
Published
2018-03-20 21:00
Modified
2024-08-06 07:51
Severity ?
CWE
  • n/a
Summary
IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.581Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985143"
          },
          {
            "name": "ibm-jazz-cve20157449-info-disc(108221)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108221"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-20T20:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985143"
        },
        {
          "name": "ibm-jazz-cve20157449-info-disc(108221)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108221"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985143",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985143"
            },
            {
              "name": "ibm-jazz-cve20157449-info-disc(108221)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108221"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7449",
    "datePublished": "2018-03-20T21:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1734 (GCVE-0-2017-1734)
Vulnerability from cvelistv5
Published
2018-04-24 14:00
Modified
2024-09-16 20:59
Severity ?
CWE
  • Obtain Information
Summary
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.
References
Impacted products
Vendor Product Version
IBM Rational Engineering Lifecycle Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 5.0.2
Version: 5.0
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Team Concert Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Software Architect Design Manager Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
          },
          {
            "name": "ibm-jazz-cve20171734-info-disc(134915)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Software Architect Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            }
          ]
        }
      ],
      "datePublic": "2018-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-24T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
        },
        {
          "name": "ibm-jazz-cve20171734-info-disc(134915)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134915"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-04-18T00:00:00",
          "ID": "CVE-2017-1734",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Software Architect Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22015635",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
            },
            {
              "name": "ibm-jazz-cve20171734-info-disc(134915)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134915"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1734",
    "datePublished": "2018-04-24T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T20:59:13.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0284 (GCVE-0-2016-0284)
Vulnerability from cvelistv5
Published
2016-11-24 19:41
Modified
2024-08-05 22:15
Severity ?
CWE
  • n/a
Summary
The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
          },
          {
            "name": "94555",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94555"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-29T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
        },
        {
          "name": "94555",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94555"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0284",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
            },
            {
              "name": "94555",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94555"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0284",
    "datePublished": "2016-11-24T19:41:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1293 (GCVE-0-2017-1293)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 19:40
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:28.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171293-xss(125154)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125154"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171293-xss(125154)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125154"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1293",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171293-xss(125154)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125154"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1293",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:40:51.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29673 (GCVE-0-2021-29673)
Vulnerability from cvelistv5
Published
2021-10-27 16:00
Modified
2024-09-17 00:45
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:11:06.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6508583"
          },
          {
            "name": "ibm-engineering-cve202129673-xss (199482)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/AC:L/A:N/PR:L/AV:N/C:L/I:L/S:C/RC:C/RL:O/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T16:00:24",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6508583"
        },
        {
          "name": "ibm-engineering-cve202129673-xss (199482)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-10-25T00:00:00",
          "ID": "CVE-2021-29673",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6508583",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6508583"
            },
            {
              "name": "ibm-engineering-cve202129673-xss (199482)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29673",
    "datePublished": "2021-10-27T16:00:24.866700Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-17T00:45:51.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1250 (GCVE-0-2017-1250)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 23:26
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171250-xss(124630)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124630"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171250-xss(124630)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124630"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171250-xss(124630)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124630"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1250",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T23:26:52.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1365 (GCVE-0-2017-1365)
Vulnerability from cvelistv5
Published
2017-12-27 16:00
Modified
2024-09-16 17:54
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22011815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126858"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2017-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-27T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22011815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126858"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-12-18T00:00:00",
          "ID": "CVE-2017-1365",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22011815",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22011815"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126858",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126858"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1365",
    "datePublished": "2017-12-27T16:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T17:54:32.885Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1826 (GCVE-0-2018-1826)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-17 00:42
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-site scripting
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-rqm-cve20181826-xss (150429)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150429"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/PR:L/UI:R/AC:L/A:N/C:L/S:C/I:L/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-rqm-cve20181826-xss (150429)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150429"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2018-1826",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-rqm-cve20181826-xss (150429)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150429"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1826",
    "datePublished": "2019-06-27T13:45:29.542976Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T00:42:16.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1329 (GCVE-0-2017-1329)
Vulnerability from cvelistv5
Published
2018-07-06 14:00
Modified
2024-09-17 00:42
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
          },
          {
            "name": "ibm-rqm-cve20171329-html-injection(126231)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126231"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        }
      ],
      "datePublic": "2018-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 126231."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
        },
        {
          "name": "ibm-rqm-cve20171329-html-injection(126231)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126231"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-07-03T00:00:00",
          "ID": "CVE-2017-1329",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 126231."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716201",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
            },
            {
              "name": "ibm-rqm-cve20171329-html-injection(126231)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126231"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1329",
    "datePublished": "2018-07-06T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T00:42:04.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1651 (GCVE-0-2017-1651)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 20:07
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133261.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171651-xss(133261)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133261"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133261."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171651-xss(133261)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133261"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1651",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133261."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171651-xss(133261)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133261"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1651",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T20:07:43.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4974 (GCVE-0-2020-4974)
Vulnerability from cvelistv5
Published
2021-07-28 12:25
Modified
2024-09-17 01:41
Severity ?
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
CWE
  • Gain Access
Summary
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
References
Impacted products
Vendor Product Version
IBM Engineering Test Management Version: 7.0.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Engineering Lifecycle Optimization Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6475919"
          },
          {
            "name": "ibm-jazz-cve20204974-ssrf (192434)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:L/UI:N/C:L/AV:N/PR:L/I:L/AC:L/S:U/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-28T12:25:11",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6475919"
        },
        {
          "name": "ibm-jazz-cve20204974-ssrf (192434)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-07-27T00:00:00",
          "ID": "CVE-2020-4974",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6475919",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6475919"
            },
            {
              "name": "ibm-jazz-cve20204974-ssrf (192434)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4974",
    "datePublished": "2021-07-28T12:25:11.431091Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T01:41:02.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2866 (GCVE-0-2016-2866)
Vulnerability from cvelistv5
Published
2017-02-08 19:00
Modified
2024-08-05 23:40
Severity ?
CWE
  • Obtain Information
Summary
An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.
References
Impacted products
Vendor Product Version
IBM Corporation Rational Collaborative Lifecycle Management Version: 3.0.1
Version: 4.0
Version: 3.0.1.6
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:13.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21997104"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "3.0.1.6"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-08T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21997104"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-2866",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.1"
                          },
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "3.0.1.6"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21997104",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21997104"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-2866",
    "datePublished": "2017-02-08T19:00:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:13.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1524 (GCVE-0-2017-1524)
Vulnerability from cvelistv5
Published
2018-03-23 19:00
Modified
2024-09-16 18:08
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
  • Obtain Information
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:30.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103477"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129970"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-03-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-24T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "103477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103477"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129970"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-03-20T00:00:00",
          "ID": "CVE-2017-1524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103477"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22014815",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129970",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129970"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1524",
    "datePublished": "2018-03-23T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T18:08:30.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1237 (GCVE-0-2017-1237)
Vulnerability from cvelistv5
Published
2018-07-06 14:00
Modified
2024-09-16 16:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Software Architect Design Manager Version: 6.0
Version: 6.0.1
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715709"
          },
          {
            "name": "ibm-jazz-cve20171237-xss(124355)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124355"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Software Architect Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715709"
        },
        {
          "name": "ibm-jazz-cve20171237-xss(124355)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124355"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1237",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Software Architect Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715709",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715709"
            },
            {
              "name": "ibm-jazz-cve20171237-xss(124355)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124355"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1237",
    "datePublished": "2018-07-06T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T16:37:58.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1363 (GCVE-0-2017-1363)
Vulnerability from cvelistv5
Published
2017-10-25 12:00
Modified
2024-08-05 13:32
Severity ?
CWE
  • n/a
Summary
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101587",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101587"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126856"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-10-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "101587",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101587"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126856"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1363",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101587",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101587"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22009296",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126856",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126856"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1363",
    "datePublished": "2017-10-25T12:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:32:29.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7440 (GCVE-0-2015-7440)
Vulnerability from cvelistv5
Published
2018-03-15 22:00
Modified
2024-08-06 07:51
Severity ?
CWE
  • n/a
Summary
IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
          },
          {
            "name": "ibm-jazz-cve20157440-priv-escalation(108098)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108098"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-15T21:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
        },
        {
          "name": "ibm-jazz-cve20157440-priv-escalation(108098)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108098"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7440",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
            },
            {
              "name": "ibm-jazz-cve20157440-priv-escalation(108098)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108098"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7440",
    "datePublished": "2018-03-15T22:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1725 (GCVE-0-2017-1725)
Vulnerability from cvelistv5
Published
2018-04-24 14:00
Modified
2024-09-16 21:57
Severity ?
CWE
  • Obtain Information
Summary
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 5.0.2
Version: 5.0
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Software Architect Design Manager Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.154Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-jazz-cve20171725-info-disc(134820)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134820"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Software Architect Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-24T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-jazz-cve20171725-info-disc(134820)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134820"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-04-18T00:00:00",
          "ID": "CVE-2017-1725",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Software Architect Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-jazz-cve20171725-info-disc(134820)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134820"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22015635",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1725",
    "datePublished": "2018-04-24T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T21:57:15.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6061 (GCVE-0-2016-6061)
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:22
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor Product Version
IBM Corporation Rational Collaborative Lifecycle Management Version: 3.0.1
Version: 4.0
Version: 3.0.1.6
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:18.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
          },
          {
            "name": "95117",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95117"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "3.0.1.6"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-02T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
        },
        {
          "name": "95117",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95117"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6061",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.1"
                          },
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "3.0.1.6"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=swg21996097",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
            },
            {
              "name": "95117",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95117"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6061",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:18.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2926 (GCVE-0-2016-2926)
Vulnerability from cvelistv5
Published
2016-11-25 20:00
Modified
2024-08-05 23:40
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
http://www.securityfocus.com/bid/94146 vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037279 vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1037277 vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1037278 vdb-entry, x_refsource_SECTRACK
http://www-01.ibm.com/support/docview.wss?uid=swg21993444 x_refsource_CONFIRM
http://www.securitytracker.com/id/1037276 vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:13.799Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94146",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94146"
          },
          {
            "name": "1037279",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037279"
          },
          {
            "name": "1037277",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037277"
          },
          {
            "name": "1037278",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037278"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993444"
          },
          {
            "name": "1037276",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037276"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94146",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94146"
        },
        {
          "name": "1037279",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037279"
        },
        {
          "name": "1037277",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037277"
        },
        {
          "name": "1037278",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037278"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993444"
        },
        {
          "name": "1037276",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037276"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-2926",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94146",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94146"
            },
            {
              "name": "1037279",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037279"
            },
            {
              "name": "1037277",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037277"
            },
            {
              "name": "1037278",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037278"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21993444",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993444"
            },
            {
              "name": "1037276",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037276"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-2926",
    "datePublished": "2016-11-25T20:00:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:13.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6024 (GCVE-0-2016-6024)
Vulnerability from cvelistv5
Published
2017-11-27 21:00
Modified
2024-09-17 00:20
Severity ?
CWE
  • Obtain Information
Summary
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116868"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-27T20:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116868"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-11-16T00:00:00",
          "ID": "CVE-2016-6024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116868",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116868"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22010512",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6024",
    "datePublished": "2017-11-27T21:00:00Z",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-09-17T00:20:27.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1275 (GCVE-0-2017-1275)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 19:40
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171275-xss(124750)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124750"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171275-xss(124750)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124750"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171275-xss(124750)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124750"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1275",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:40:38.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1655 (GCVE-0-2017-1655)
Vulnerability from cvelistv5
Published
2018-03-23 19:00
Modified
2024-09-16 18:08
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103477"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133379"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-03-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-24T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "103477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103477"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133379"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-03-20T00:00:00",
          "ID": "CVE-2017-1655",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103477"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22014815",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133379",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133379"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1655",
    "datePublished": "2018-03-23T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T18:08:14.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1691 (GCVE-0-2017-1691)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 22:01
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134066.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171691-xss(134066)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134066"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134066."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171691-xss(134066)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134066"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1691",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134066."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171691-xss(134066)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134066"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1691",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T22:01:49.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1701 (GCVE-0-2017-1701)
Vulnerability from cvelistv5
Published
2018-04-23 13:00
Modified
2024-09-16 22:31
Severity ?
CWE
  • Obtain Information
Summary
IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rtc-cve20171701-info-disc(134393)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134393"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22015454"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-04-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-23T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rtc-cve20171701-info-disc(134393)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134393"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22015454"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-04-10T00:00:00",
          "ID": "CVE-2017-1701",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rtc-cve20171701-info-disc(134393)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134393"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22015454",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22015454"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1701",
    "datePublished": "2018-04-23T13:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T22:31:13.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4546 (GCVE-0-2020-4546)
Vulnerability from cvelistv5
Published
2020-09-02 18:25
Modified
2024-09-16 16:29
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6325343"
          },
          {
            "name": "ibm-ewm-cve20204546-xss (183314)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183314"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2020-09-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/PR:L/A:N/I:L/AC:L/S:C/AV:N/C:L/RC:C/E:H/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-02T18:25:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6325343"
        },
        {
          "name": "ibm-ewm-cve20204546-xss (183314)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183314"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-09-01T00:00:00",
          "ID": "CVE-2020-4546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6325343",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6325343 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6325343"
            },
            {
              "name": "ibm-ewm-cve20204546-xss (183314)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183314"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4546",
    "datePublished": "2020-09-02T18:25:25.260434Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T16:29:04.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-1928 (GCVE-0-2015-1928)
Vulnerability from cvelistv5
Published
2016-01-02 21:00
Modified
2024-08-06 05:02
Severity ?
CWE
  • n/a
Summary
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
References
http://www.securitytracker.com/id/1034568 vdb-entry, x_refsource_SECTRACK
http://www-01.ibm.com/support/docview.wss?uid=swg21973200 x_refsource_CONFIRM
http://www.securitytracker.com/id/1034566 vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1034565 vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1034567 vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:41.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034568",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034568"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973200"
          },
          {
            "name": "1034566",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034566"
          },
          {
            "name": "1034565",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034565"
          },
          {
            "name": "1034567",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034567"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1034568",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034568"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973200"
        },
        {
          "name": "1034566",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034566"
        },
        {
          "name": "1034565",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034565"
        },
        {
          "name": "1034567",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034567"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1928",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034568",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034568"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973200",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973200"
            },
            {
              "name": "1034566",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034566"
            },
            {
              "name": "1034565",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034565"
            },
            {
              "name": "1034567",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034567"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-1928",
    "datePublished": "2016-01-02T21:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T05:02:41.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1760 (GCVE-0-2018-1760)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-16 19:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-rqm-cve20181760-xss (148614)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148614"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/A:N/I:L/S:C/C:L/AV:N/PR:L/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-rqm-cve20181760-xss (148614)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148614"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2018-1760",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-rqm-cve20181760-xss (148614)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148614"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1760",
    "datePublished": "2019-06-27T13:45:29.501504Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T19:00:32.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1558 (GCVE-0-2018-1558)
Vulnerability from cvelistv5
Published
2018-10-02 15:00
Modified
2024-09-16 23:52
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 5.01
Version: 5.02
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:43.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rhqpsody-cve20181558-xss(142956)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142956"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10732477"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "5.01"
            },
            {
              "status": "affected",
              "version": "5.02"
            }
          ]
        }
      ],
      "datePublic": "2018-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-02T14:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rhqpsody-cve20181558-xss(142956)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142956"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10732477"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-09-27T00:00:00",
          "ID": "CVE-2018-1558",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "5.01"
                          },
                          {
                            "version_value": "5.02"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rhqpsody-cve20181558-xss(142956)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142956"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10732477",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10732477"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1558",
    "datePublished": "2018-10-02T15:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T23:52:14.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1251 (GCVE-0-2017-1251)
Vulnerability from cvelistv5
Published
2017-11-27 21:00
Modified
2024-09-17 04:20
Severity ?
CWE
  • Obtain Information
Summary
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22010682"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124631"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-27T20:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22010682"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124631"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-11-16T00:00:00",
          "ID": "CVE-2017-1251",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22010682",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22010682"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124631",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124631"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1251",
    "datePublished": "2017-11-27T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T04:20:22.922Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1568 (GCVE-0-2017-1568)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 03:32
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131778.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171568-xss(131778)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131778"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131778."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171568-xss(131778)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131778"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131778."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171568-xss(131778)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131778"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1568",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T03:32:55.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1423 (GCVE-0-2018-1423)
Vulnerability from cvelistv5
Published
2018-07-10 16:00
Modified
2024-09-17 03:03
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 5.0.2
Version: 5.0
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Software Architect Design Manager Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:39.050Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-jazz-cve20181423-info-disc(139026)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139026"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716599"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Software Architect Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-07-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T16:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-jazz-cve20181423-info-disc(139026)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139026"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716599"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-07-06T00:00:00",
          "ID": "CVE-2018-1423",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Software Architect Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-jazz-cve20181423-info-disc(139026)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139026"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716599",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716599"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1423",
    "datePublished": "2018-07-10T16:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T03:03:51.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1602 (GCVE-0-2017-1602)
Vulnerability from cvelistv5
Published
2018-03-23 19:00
Modified
2024-09-16 22:41
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE
  • Bypass Security
Summary
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103477"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132625"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-03-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:L/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Bypass Security",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-24T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "103477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103477"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132625"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-03-20T00:00:00",
          "ID": "CVE-2017-1602",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "N"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Bypass Security"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103477"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22014815",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132625",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132625"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1602",
    "datePublished": "2018-03-23T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T22:41:23.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1559 (GCVE-0-2017-1559)
Vulnerability from cvelistv5
Published
2018-07-06 14:00
Modified
2024-09-17 03:08
Severity ?
3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:U
CWE
  • Obtain Information
Summary
Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.
References
Impacted products
Vendor Product Version
IBM Rational Rhapsody Design Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Software Architect Design Manager Version: 6.0
Version: 6.0.1
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-dng-cve20171559-info-disc(131758)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131758"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715709"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Software Architect Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "UNKNOWN",
            "scope": "UNCHANGED",
            "temporalScore": 2.5,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-dng-cve20171559-info-disc(131758)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131758"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715709"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1559",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Software Architect Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "U",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-dng-cve20171559-info-disc(131758)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131758"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715709",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715709"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1559",
    "datePublished": "2018-07-06T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T03:08:04.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4084 (GCVE-0-2019-4084)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-16 22:46
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:26:28.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-jazz-cve20194084-info-disc (157384)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157384"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/UI:N/AV:N/PR:L/S:U/I:N/C:L/AC:L/A:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-jazz-cve20194084-info-disc (157384)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157384"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2019-4084",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-jazz-cve20194084-info-disc (157384)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157384"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4084",
    "datePublished": "2019-06-27T13:45:29.805463Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T22:46:44.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6028 (GCVE-0-2016-6028)
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:15
Severity ?
CWE
  • Obtain Information
Summary
IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.
References
Impacted products
Vendor Product Version
IBM Corporation Rational Collaborative Lifecycle Management Version: 3.0.1
Version: 4.0
Version: 3.0.1.6
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95111",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95111"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "3.0.1.6"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-02T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "95111",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95111"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6028",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.1"
                          },
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "3.0.1.6"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95111",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95111"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=swg21996097",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6028",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:15:10.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2865 (GCVE-0-2016-2865)
Vulnerability from cvelistv5
Published
2016-07-15 18:00
Modified
2024-08-05 23:40
Severity ?
CWE
  • n/a
Summary
The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:14.038Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "91680",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91680"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985865"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "91680",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91680"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985865"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-2865",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "91680",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91680"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985865",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985865"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-2865",
    "datePublished": "2016-07-15T18:00:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:14.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1893 (GCVE-0-2018-1893)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-16 23:11
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-rqm-cve20181893-xss (152157)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152157"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/AV:N/PR:L/I:L/S:C/C:L/AC:L/A:N/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-rqm-cve20181893-xss (152157)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152157"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2018-1893",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-rqm-cve20181893-xss (152157)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152157"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1893",
    "datePublished": "2019-06-27T13:45:29.712887Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T23:11:08.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1952 (GCVE-0-2018-1952)
Vulnerability from cvelistv5
Published
2019-03-14 23:00
Modified
2024-09-16 19:14
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:39.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
          },
          {
            "name": "ibm-jazz-cve20181952-xss(153495)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153495"
          },
          {
            "name": "107435",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107435"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            }
          ]
        }
      ],
      "datePublic": "2019-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-18T08:06:03",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
        },
        {
          "name": "ibm-jazz-cve20181952-xss(153495)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153495"
        },
        {
          "name": "107435",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107435"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-03-08T00:00:00",
          "ID": "CVE-2018-1952",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875340",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
            },
            {
              "name": "ibm-jazz-cve20181952-xss(153495)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153495"
            },
            {
              "name": "107435",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107435"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1952",
    "datePublished": "2019-03-14T23:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T19:14:32.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1509 (GCVE-0-2017-1509)
Vulnerability from cvelistv5
Published
2018-07-06 14:00
Modified
2024-09-17 01:31
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.
References
Impacted products
Vendor Product Version
IBM Rational Rhapsody Design Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Software Architect Design Manager Version: 6.0
Version: 6.0.1
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-jazz-cve20171509-info-disc(129719)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129719"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715709"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Software Architect Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-jazz-cve20171509-info-disc(129719)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129719"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715709"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1509",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Software Architect Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-jazz-cve20171509-info-disc(129719)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129719"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715709",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715709"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1509",
    "datePublished": "2018-07-06T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T01:31:15.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1688 (GCVE-0-2018-1688)
Vulnerability from cvelistv5
Published
2019-03-14 22:00
Modified
2024-09-16 16:58
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
          },
          {
            "name": "ibm-jazz-cve20181688-xss(145509)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145509"
          },
          {
            "name": "107435",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107435"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            }
          ]
        }
      ],
      "datePublic": "2019-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-18T08:06:04",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
        },
        {
          "name": "ibm-jazz-cve20181688-xss(145509)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145509"
        },
        {
          "name": "107435",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107435"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-03-08T00:00:00",
          "ID": "CVE-2018-1688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875340",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
            },
            {
              "name": "ibm-jazz-cve20181688-xss(145509)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145509"
            },
            {
              "name": "107435",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107435"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1688",
    "datePublished": "2019-03-14T22:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T16:58:12.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1294 (GCVE-0-2017-1294)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 01:45
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171294-xss(125155)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171294-xss(125155)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1294",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171294-xss(125155)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1294",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T01:45:44.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1241 (GCVE-0-2017-1241)
Vulnerability from cvelistv5
Published
2017-10-25 12:00
Modified
2024-09-16 19:37
Severity ?
CWE
  • Obtain Information
Summary
An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124523"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
          },
          {
            "name": "101599",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101599"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-10-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-28T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124523"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
        },
        {
          "name": "101599",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101599"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-10-20T00:00:00",
          "ID": "CVE-2017-1241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124523",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124523"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22009296",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
            },
            {
              "name": "101599",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101599"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1241",
    "datePublished": "2017-10-25T12:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:37:03.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0326 (GCVE-0-2016-0326)
Vulnerability from cvelistv5
Published
2016-10-22 01:00
Modified
2024-08-05 22:15
Severity ?
CWE
  • n/a
Summary
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93824",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93824"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989735"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted \"HTML request.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "93824",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93824"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989735"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted \"HTML request.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93824",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93824"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989735",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989735"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0326",
    "datePublished": "2016-10-22T01:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1608 (GCVE-0-2017-1608)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 01:56
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171608-xss(132928)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132928"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171608-xss(132928)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132928"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1608",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171608-xss(132928)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132928"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1608",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T01:56:04.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1916 (GCVE-0-2018-1916)
Vulnerability from cvelistv5
Published
2019-03-14 23:00
Modified
2024-09-17 04:04
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-jazz-cve20181916-xss(152740)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152740"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
          },
          {
            "name": "107435",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107435"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            }
          ]
        }
      ],
      "datePublic": "2019-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-18T08:06:03",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-jazz-cve20181916-xss(152740)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152740"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
        },
        {
          "name": "107435",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107435"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-03-08T00:00:00",
          "ID": "CVE-2018-1916",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-jazz-cve20181916-xss(152740)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152740"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875340",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
            },
            {
              "name": "107435",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107435"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1916",
    "datePublished": "2019-03-14T23:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T04:04:48.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0112 (GCVE-0-2015-0112)
Vulnerability from cvelistv5
Published
2015-06-07 18:00
Modified
2024-08-06 03:55
Severity ?
CWE
  • n/a
Summary
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:28.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-06-07T18:57:00",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0112",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0112",
    "datePublished": "2015-06-07T18:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T03:55:28.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1238 (GCVE-0-2017-1238)
Vulnerability from cvelistv5
Published
2018-07-06 14:00
Modified
2024-09-17 04:29
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171238-xss(124356)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124356"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        }
      ],
      "datePublic": "2018-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171238-xss(124356)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124356"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-07-03T00:00:00",
          "ID": "CVE-2017-1238",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171238-xss(124356)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124356"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716201",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1238",
    "datePublished": "2018-07-06T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T04:29:40.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0372 (GCVE-0-2016-0372)
Vulnerability from cvelistv5
Published
2016-11-24 19:41
Modified
2024-08-05 22:15
Severity ?
CWE
  • n/a
Summary
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:24.348Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
          },
          {
            "name": "94541",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94541"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-28T10:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
        },
        {
          "name": "94541",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94541"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0372",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
            },
            {
              "name": "94541",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94541"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0372",
    "datePublished": "2016-11-24T19:41:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:24.348Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9700 (GCVE-0-2016-9700)
Vulnerability from cvelistv5
Published
2017-07-05 18:00
Modified
2024-09-16 23:22
Severity ?
CWE
  • Obtain Information
Summary
IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22005435"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-05T17:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22005435"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-06-30T00:00:00",
          "ID": "CVE-2016-9700",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22005435",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005435"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-9700",
    "datePublished": "2017-07-05T18:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-16T23:22:03.909Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1652 (GCVE-0-2017-1652)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 23:01
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.922Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171652-xss(133263)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133263"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171652-xss(133263)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133263"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1652",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171652-xss(133263)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133263"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1652",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T23:01:42.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9973 (GCVE-0-2016-9973)
Vulnerability from cvelistv5
Published
2017-06-13 19:00
Modified
2024-08-06 03:07
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:31.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22004534"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120209"
          },
          {
            "name": "99060",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99060"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-15T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22004534"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120209"
        },
        {
          "name": "99060",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99060"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-9973",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22004534",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22004534"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120209",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120209"
            },
            {
              "name": "99060",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99060"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-9973",
    "datePublished": "2017-06-13T19:00:00",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-08-06T03:07:31.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9733 (GCVE-0-2016-9733)
Vulnerability from cvelistv5
Published
2017-07-05 17:00
Modified
2024-09-16 20:17
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 4.0
Version: 4.0.1
Version: 4.0.0.1
Version: 4.0.0.2
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119762"
          },
          {
            "name": "99352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99352"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
          },
          {
            "name": "1038912",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-25T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119762"
        },
        {
          "name": "99352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99352"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
        },
        {
          "name": "1038912",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038912"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-06-30T00:00:00",
          "ID": "CVE-2016-9733",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.0.1"
                          },
                          {
                            "version_value": "4.0.0.2"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119762",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119762"
            },
            {
              "name": "99352",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99352"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22004611",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
            },
            {
              "name": "1038912",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038912"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-9733",
    "datePublished": "2017-07-05T17:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-16T20:17:53.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1592 (GCVE-0-2017-1592)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 04:04
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132493.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.895Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171592-xss(132493)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132493"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132493."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171592-xss(132493)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132493"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132493."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171592-xss(132493)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132493"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1592",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T04:04:22.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1306 (GCVE-0-2017-1306)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 00:06
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:28.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171306-xss(125460)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125460"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171306-xss(125460)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125460"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1306",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171306-xss(125460)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125460"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1306",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T00:06:52.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1658 (GCVE-0-2018-1658)
Vulnerability from cvelistv5
Published
2019-03-14 22:00
Modified
2024-09-16 16:14
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Gain Access
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 144884.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-jazz-cve20181658-cache-poisoning(144884)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144884"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
          },
          {
            "name": "107435",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107435"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            }
          ]
        }
      ],
      "datePublic": "2019-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 144884."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-18T08:06:04",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-jazz-cve20181658-cache-poisoning(144884)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144884"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
        },
        {
          "name": "107435",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107435"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-03-08T00:00:00",
          "ID": "CVE-2018-1658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 144884."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-jazz-cve20181658-cache-poisoning(144884)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144884"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875340",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
            },
            {
              "name": "107435",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107435"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1658",
    "datePublished": "2019-03-14T22:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T16:14:06.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9747 (GCVE-0-2016-9747)
Vulnerability from cvelistv5
Published
2017-06-22 18:00
Modified
2024-08-06 02:59
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor Product Version
IBM Rational Engineering Lifecycle Manager Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22004734"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119822"
          },
          {
            "name": "99189",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99189"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-23T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22004734"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119822"
        },
        {
          "name": "99189",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99189"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-9747",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22004734",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22004734"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119822",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119822"
            },
            {
              "name": "99189",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99189"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-9747",
    "datePublished": "2017-06-22T18:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-06T02:59:03.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1299 (GCVE-0-2017-1299)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-08-05 13:32
Severity ?
CWE
  • n/a
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.147Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171299-xss(125161)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125161"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171299-xss(125161)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125161"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1299",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171299-xss(125161)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125161"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1299",
    "datePublished": "2018-07-03T19:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:32:29.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7453 (GCVE-0-2015-7453)
Vulnerability from cvelistv5
Published
2018-03-15 22:00
Modified
2024-08-06 07:51
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108296.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
          },
          {
            "name": "ibm-jazz-cve20157453-xss(108296)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108296"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108296."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-15T21:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
        },
        {
          "name": "ibm-jazz-cve20157453-xss(108296)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108296"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7453",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108296."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
            },
            {
              "name": "ibm-jazz-cve20157453-xss(108296)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108296"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7453",
    "datePublished": "2018-03-15T22:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1570 (GCVE-0-2017-1570)
Vulnerability from cvelistv5
Published
2017-11-27 21:00
Modified
2024-09-16 20:07
Severity ?
CWE
  • Obtain Information
Summary
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102020",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102020"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131852"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-04T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "102020",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102020"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131852"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-11-16T00:00:00",
          "ID": "CVE-2017-1570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102020",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102020"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22010512",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131852",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131852"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1570",
    "datePublished": "2017-11-27T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T20:07:09.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1562 (GCVE-0-2017-1562)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 17:09
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131761.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:30.631Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171562-xss(131761)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131761"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131761."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171562-xss(131761)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131761"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1562",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131761."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171562-xss(131761)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131761"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1562",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T17:09:06.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6040 (GCVE-0-2016-6040)
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:22
Severity ?
CWE
  • Bypass Security
Summary
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.
References
Impacted products
Vendor Product Version
IBM Corporation Rational Collaborative Lifecycle Management Version: 3.0.1
Version: 4.0
Version: 3.0.1.6
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:18.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95115",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95115"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "3.0.1.6"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Bypass Security",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-02T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "95115",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95115"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6040",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.1"
                          },
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "3.0.1.6"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Bypass Security"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95115",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95115"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=swg21996097",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6040",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:18.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2864 (GCVE-0-2016-2864)
Vulnerability from cvelistv5
Published
2016-11-24 19:41
Modified
2024-08-05 23:40
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:13.638Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
          },
          {
            "name": "94542",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94542"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-28T10:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
        },
        {
          "name": "94542",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94542"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-2864",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
            },
            {
              "name": "94542",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94542"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-2864",
    "datePublished": "2016-11-24T19:41:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:13.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-5031 (GCVE-0-2020-5031)
Vulnerability from cvelistv5
Published
2021-07-19 16:00
Modified
2024-09-16 18:43
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:08.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6473141"
          },
          {
            "name": "ibm-engineering-cve20205031-xss (193738)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/S:C/A:N/C:L/AC:L/UI:R/PR:L/I:L/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-19T16:00:23",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6473141"
        },
        {
          "name": "ibm-engineering-cve20205031-xss (193738)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-07-16T00:00:00",
          "ID": "CVE-2020-5031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6473141",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6473141 (Rational Collaborative Lifecycle Management)",
              "url": "https://www.ibm.com/support/pages/node/6473141"
            },
            {
              "name": "ibm-engineering-cve20205031-xss (193738)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-5031",
    "datePublished": "2021-07-19T16:00:23.796624Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T18:43:31.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1653 (GCVE-0-2017-1653)
Vulnerability from cvelistv5
Published
2018-01-26 21:00
Modified
2024-09-17 01:31
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040306",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040306"
          },
          {
            "name": "102853",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102853"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133268"
          },
          {
            "name": "1040307",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040307"
          },
          {
            "name": "1040305",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040305"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22012712"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            }
          ]
        }
      ],
      "datePublic": "2018-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-01T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1040306",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040306"
        },
        {
          "name": "102853",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102853"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133268"
        },
        {
          "name": "1040307",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040307"
        },
        {
          "name": "1040305",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040305"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22012712"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-01-18T00:00:00",
          "ID": "CVE-2017-1653",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040306",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040306"
            },
            {
              "name": "102853",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102853"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133268",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133268"
            },
            {
              "name": "1040307",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040307"
            },
            {
              "name": "1040305",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040305"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22012712",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22012712"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1653",
    "datePublished": "2018-01-26T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T01:31:08.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1169 (GCVE-0-2017-1169)
Vulnerability from cvelistv5
Published
2017-10-25 12:00
Modified
2024-09-17 01:31
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
          },
          {
            "name": "101593",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101593"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-10-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-28T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
        },
        {
          "name": "101593",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101593"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-10-20T00:00:00",
          "ID": "CVE-2017-1169",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22009296",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
            },
            {
              "name": "101593",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101593"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1169",
    "datePublished": "2017-10-25T12:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T01:31:42.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1561 (GCVE-0-2017-1561)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 03:02
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131760.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171561-xss(131760)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131760"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131760."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171561-xss(131760)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131760"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1561",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131760."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171561-xss(131760)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131760"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1561",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T03:02:56.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2981 (GCVE-0-2016-2981)
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 23:40
Severity ?
CWE
  • Obtain Information
Summary
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.
References
Impacted products
Vendor Product Version
IBM Corporation Rational Collaborative Lifecycle Management Version: 3.0.1
Version: 4.0
Version: 3.0.1.6
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:14.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21999965"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "3.0.1.6"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-20T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21999965"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-2981",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.1"
                          },
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "3.0.1.6"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21999965",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21999965"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-2981",
    "datePublished": "2017-03-20T16:00:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:14.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0331 (GCVE-0-2016-0331)
Vulnerability from cvelistv5
Published
2016-09-12 10:00
Modified
2024-08-05 22:15
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:24.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92840",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92840"
          },
          {
            "name": "1036814",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036814"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989899"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "92840",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92840"
        },
        {
          "name": "1036814",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036814"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989899"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0331",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "92840",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92840"
            },
            {
              "name": "1036814",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036814"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989899",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989899"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0331",
    "datePublished": "2016-09-12T10:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:24.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1824 (GCVE-0-2018-1824)
Vulnerability from cvelistv5
Published
2019-03-14 22:00
Modified
2024-09-16 18:49
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150427.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
          },
          {
            "name": "ibm-rqm-cve20181824-xss(150427)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150427"
          },
          {
            "name": "107433",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107433"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            }
          ]
        }
      ],
      "datePublic": "2019-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150427."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-18T06:06:07",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
        },
        {
          "name": "ibm-rqm-cve20181824-xss(150427)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150427"
        },
        {
          "name": "107433",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107433"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-03-08T00:00:00",
          "ID": "CVE-2018-1824",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150427."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875318",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
            },
            {
              "name": "ibm-rqm-cve20181824-xss(150427)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150427"
            },
            {
              "name": "107433",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107433"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1824",
    "datePublished": "2019-03-14T22:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T18:49:36.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1295 (GCVE-0-2017-1295)
Vulnerability from cvelistv5
Published
2017-10-25 12:00
Modified
2024-09-16 19:57
Severity ?
CWE
  • Obtain Information
Summary
IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:28.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101616",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101616"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125157"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-10-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-01T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "101616",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101616"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125157"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-10-20T00:00:00",
          "ID": "CVE-2017-1295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101616",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101616"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125157",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125157"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22009296",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1295",
    "datePublished": "2017-10-25T12:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:57:35.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4522 (GCVE-0-2020-4522)
Vulnerability from cvelistv5
Published
2020-09-02 18:25
Modified
2024-09-16 21:02
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.
References
Impacted products
Vendor Product Version
IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6325343"
          },
          {
            "name": "ibm-doors-cve20204522-xss (182397)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182397"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2020-09-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/PR:L/A:N/AC:L/I:L/C:L/AV:N/S:C/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-02T18:25:24",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6325343"
        },
        {
          "name": "ibm-doors-cve20204522-xss (182397)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182397"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-09-01T00:00:00",
          "ID": "CVE-2020-4522",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6325343",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6325343 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6325343"
            },
            {
              "name": "ibm-doors-cve20204522-xss (182397)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182397"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4522",
    "datePublished": "2020-09-02T18:25:24.836456Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T21:02:30.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1734 (GCVE-0-2018-1734)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-16 23:36
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.389Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-rhapsody-cve20181734-info-disc (147838)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147838"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/UI:N/PR:L/AV:N/C:L/I:N/S:U/A:N/AC:L/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-rhapsody-cve20181734-info-disc (147838)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147838"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2018-1734",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-rhapsody-cve20181734-info-disc (147838)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147838"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1734",
    "datePublished": "2019-06-27T13:45:29.388873Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T23:36:31.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1312 (GCVE-0-2017-1312)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 00:55
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:28.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171312-xss(125723)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125723"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171312-xss(125723)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125723"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1312",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171312-xss(125723)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125723"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1312",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T00:55:53.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1280 (GCVE-0-2017-1280)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 20:42
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:28.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171280-xss(124758)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124758"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171280-xss(124758)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124758"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1280",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171280-xss(124758)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124758"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1280",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T20:42:05.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0273 (GCVE-0-2016-0273)
Vulnerability from cvelistv5
Published
2016-11-24 19:41
Modified
2024-08-05 22:15
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
          },
          {
            "name": "94557",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94557"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-29T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
        },
        {
          "name": "94557",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94557"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
            },
            {
              "name": "94557",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94557"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0273",
    "datePublished": "2016-11-24T19:41:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4445 (GCVE-0-2020-4445)
Vulnerability from cvelistv5
Published
2020-09-02 18:25
Modified
2024-09-17 03:23
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.
References
Impacted products
Vendor Product Version
IBM Rational Rhapsody Design Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational Quality Manager Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0
 Create a notification for this product.
   IBM Engineering Workflow Management Version: 7.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.667Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6325343"
          },
          {
            "name": "ibm-jazz-cve20204445-xss (181122)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181122"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2020-09-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/S:C/C:L/PR:L/UI:R/A:N/I:L/AC:L/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-02T18:25:24",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6325343"
        },
        {
          "name": "ibm-jazz-cve20204445-xss (181122)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181122"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-09-01T00:00:00",
          "ID": "CVE-2020-4445",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6325343",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6325343 (Rational Rhapsody Design Manager)",
              "url": "https://www.ibm.com/support/pages/node/6325343"
            },
            {
              "name": "ibm-jazz-cve20204445-xss (181122)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181122"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4445",
    "datePublished": "2020-09-02T18:25:24.362761Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T03:23:17.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1700 (GCVE-0-2017-1700)
Vulnerability from cvelistv5
Published
2018-04-24 14:00
Modified
2024-09-17 03:48
Severity ?
CWE
  • Denial of Service
Summary
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.
References
Impacted products
Vendor Product Version
IBM Rational Team Concert Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Engineering Lifecycle Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Software Architect Design Manager Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 5.0.2
Version: 5.0
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-jazz-cve20171700-dos(134392)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134392"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Software Architect Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-24T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-jazz-cve20171700-dos(134392)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134392"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-04-18T00:00:00",
          "ID": "CVE-2017-1700",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Software Architect Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-jazz-cve20171700-dos(134392)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134392"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22015635",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1700",
    "datePublished": "2018-04-24T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T03:48:55.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1825 (GCVE-0-2018-1825)
Vulnerability from cvelistv5
Published
2019-03-14 22:00
Modified
2024-09-16 23:56
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150428.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
          },
          {
            "name": "ibm-rqm-cve20181825-xss(150428)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150428"
          },
          {
            "name": "107433",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107433"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            }
          ]
        }
      ],
      "datePublic": "2019-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150428."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-18T06:06:07",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
        },
        {
          "name": "ibm-rqm-cve20181825-xss(150428)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150428"
        },
        {
          "name": "107433",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107433"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-03-08T00:00:00",
          "ID": "CVE-2018-1825",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150428."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875318",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
            },
            {
              "name": "ibm-rqm-cve20181825-xss(150428)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150428"
            },
            {
              "name": "107433",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107433"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1825",
    "datePublished": "2019-03-14T22:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T23:56:45.596Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20507 (GCVE-0-2021-20507)
Vulnerability from cvelistv5
Published
2021-07-19 16:00
Modified
2024-09-17 03:12
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.
References
Impacted products
Vendor Product Version
IBM Engineering Workflow Management Version: 7.0
Version: 7.0.1
Version: 7.0.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6473141"
          },
          {
            "name": "ibm-jazz-cve202120507-xss (198235)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2021-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/C:L/AC:L/S:C/AV:N/I:L/PR:L/UI:R/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-19T16:00:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6473141"
        },
        {
          "name": "ibm-jazz-cve202120507-xss (198235)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-07-16T00:00:00",
          "ID": "CVE-2021-20507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6473141",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6473141 (Rational Collaborative Lifecycle Management)",
              "url": "https://www.ibm.com/support/pages/node/6473141"
            },
            {
              "name": "ibm-jazz-cve202120507-xss (198235)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20507",
    "datePublished": "2021-07-19T16:00:25.382956Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-17T03:12:37.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1317 (GCVE-0-2017-1317)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 17:23
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125729.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.441Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171317-xss(125729)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125729"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125729."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171317-xss(125729)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125729"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1317",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125729."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171317-xss(125729)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125729"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1317",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T17:23:38.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1762 (GCVE-0-2018-1762)
Vulnerability from cvelistv5
Published
2018-11-29 17:00
Modified
2024-09-16 17:33
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742281"
          },
          {
            "name": "106053",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106053"
          },
          {
            "name": "ibm-jazz-cve20181762-xss(148616)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148616"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            }
          ]
        }
      ],
      "datePublic": "2018-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-03T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742281"
        },
        {
          "name": "106053",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106053"
        },
        {
          "name": "ibm-jazz-cve20181762-xss(148616)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148616"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-11-27T00:00:00",
          "ID": "CVE-2018-1762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10742281",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742281"
            },
            {
              "name": "106053",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106053"
            },
            {
              "name": "ibm-jazz-cve20181762-xss(148616)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148616"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1762",
    "datePublished": "2018-11-29T17:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T17:33:37.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1564 (GCVE-0-2017-1564)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 01:06
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131764.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:30.629Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171564-xss(131764)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131764"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131764."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171564-xss(131764)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131764"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1564",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131764."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171564-xss(131764)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131764"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1564",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T01:06:43.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4946 (GCVE-0-2015-4946)
Vulnerability from cvelistv5
Published
2016-01-03 02:00
Modified
2024-08-06 06:32
Severity ?
CWE
  • n/a
Summary
Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 allows local users to bypass intended access restrictions via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 allows local users to bypass intended access restrictions via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-03T04:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4946",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 allows local users to bypass intended access restrictions via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4946",
    "datePublished": "2016-01-03T02:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1240 (GCVE-0-2017-1240)
Vulnerability from cvelistv5
Published
2017-11-27 21:00
Modified
2024-09-16 18:43
Severity ?
CWE
  • Obtain Information
Summary
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 4.0
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101976",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101976"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-29T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "101976",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101976"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-11-16T00:00:00",
          "ID": "CVE-2017-1240",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101976",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101976"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124359",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124359"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22010512",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1240",
    "datePublished": "2017-11-27T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T18:43:58.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4083 (GCVE-0-2019-4083)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-16 18:03
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:26:27.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-jazz-cve20194083-xss (157383)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157383"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/PR:L/AV:N/C:L/S:C/I:L/A:N/AC:L/RC:C/E:H/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-jazz-cve20194083-xss (157383)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157383"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2019-4083",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-jazz-cve20194083-xss (157383)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157383"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4083",
    "datePublished": "2019-06-27T13:45:29.751790Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T18:03:28.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0113 (GCVE-0-2015-0113)
Vulnerability from cvelistv5
Published
2015-04-27 01:00
Modified
2024-08-06 03:55
Severity ?
CWE
  • n/a
Summary
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:28.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882770"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-27T01:57:00",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882770"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0113",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21882770",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882770"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0113",
    "datePublished": "2015-04-27T01:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T03:55:28.013Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1492 (GCVE-0-2018-1492)
Vulnerability from cvelistv5
Published
2018-07-10 16:00
Modified
2024-09-17 00:02
Severity ?
4.3 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
CWE
  • Gain Access
Summary
IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.
References
Impacted products
Vendor Product Version
IBM Rational Engineering Lifecycle Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Software Architect Design Manager Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
 Create a notification for this product.
   IBM Rational Team Concert Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational DOORS Next Generation Version: 5.0.2
Version: 5.0
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Rhapsody Design Manager Version: 5.0
Version: 5.0.2
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:39.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-jazz-cve20181492-gain-access(140977)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140977"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716599"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Software Architect Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-07-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server\u0027s failure to properly log out from the previous session. IBM X-Force ID: 140977."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:L/AC:L/AV:P/C:L/I:L/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-10T16:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-jazz-cve20181492-gain-access(140977)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140977"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716599"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-07-06T00:00:00",
          "ID": "CVE-2018-1492",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Software Architect Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server\u0027s failure to properly log out from the previous session. IBM X-Force ID: 140977."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "P",
              "C": "L",
              "I": "L",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-jazz-cve20181492-gain-access(140977)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140977"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716599",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716599"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1492",
    "datePublished": "2018-07-10T16:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T00:02:33.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1239 (GCVE-0-2017-1239)
Vulnerability from cvelistv5
Published
2018-07-06 14:00
Modified
2024-09-16 17:42
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
          },
          {
            "name": "ibm-rqm-cve20171239-info-disc(124357)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124357"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        }
      ],
      "datePublic": "2018-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
        },
        {
          "name": "ibm-rqm-cve20171239-info-disc(124357)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124357"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-07-03T00:00:00",
          "ID": "CVE-2017-1239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716201",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
            },
            {
              "name": "ibm-rqm-cve20171239-info-disc(124357)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124357"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1239",
    "datePublished": "2018-07-06T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T17:42:50.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4249 (GCVE-0-2019-4249)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-16 19:57
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-rtc-cve20194249-xss (159647)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159647"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/PR:L/AV:N/S:C/I:L/C:L/A:N/AC:L/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-rtc-cve20194249-xss (159647)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159647"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2019-4249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-rtc-cve20194249-xss (159647)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159647"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4249",
    "datePublished": "2019-06-27T13:45:29.879839Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T19:57:28.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4250 (GCVE-0-2019-4250)
Vulnerability from cvelistv5
Published
2019-06-27 13:45
Modified
2024-09-16 17:28
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
          },
          {
            "name": "ibm-jazz-cve20194250-xss (159648)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159648"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/PR:L/UI:R/AC:L/A:N/S:C/I:L/C:L/RL:O/E:H/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:45:29",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
        },
        {
          "name": "ibm-jazz-cve20194250-xss (159648)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159648"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-25T00:00:00",
          "ID": "CVE-2019-4250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
            },
            {
              "name": "ibm-jazz-cve20194250-xss (159648)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159648"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4250",
    "datePublished": "2019-06-27T13:45:29.921691Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T17:28:19.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2947 (GCVE-0-2016-2947)
Vulnerability from cvelistv5
Published
2016-11-25 03:38
Modified
2024-08-05 23:40
Severity ?
CWE
  • n/a
Summary
IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:13.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991477"
          },
          {
            "name": "94518",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94518"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991477"
        },
        {
          "name": "94518",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94518"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-2947",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991477",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991477"
            },
            {
              "name": "94518",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94518"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-2947",
    "datePublished": "2016-11-25T03:38:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:13.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1242 (GCVE-0-2017-1242)
Vulnerability from cvelistv5
Published
2018-07-06 14:00
Modified
2024-09-17 01:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 5.0.x
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171242-html-injection(124524)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124524"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "5.0.x"
            }
          ]
        }
      ],
      "datePublic": "2018-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 124524."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T13:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171242-html-injection(124524)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124524"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-07-03T00:00:00",
          "ID": "CVE-2017-1242",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "5.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 124524."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171242-html-injection(124524)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124524"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716201",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1242",
    "datePublished": "2018-07-06T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T01:46:54.564Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1314 (GCVE-0-2017-1314)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 16:17
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171314-xss(125725)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125725"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171314-xss(125725)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125725"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1314",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171314-xss(125725)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125725"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1314",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T16:17:48.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29774 (GCVE-0-2021-29774)
Vulnerability from cvelistv5
Published
2021-10-27 16:00
Modified
2024-09-17 02:10
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE
  • Gain Privileges
Summary
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 6.0.6
Version: 6.0.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:18:02.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6508583"
          },
          {
            "name": "ibm-engineering-cve202129774-priv-escalation (203025)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2021-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/PR:L/AV:N/S:U/C:H/I:H/UI:N/AC:H/A:H/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T16:00:27",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6508583"
        },
        {
          "name": "ibm-engineering-cve202129774-priv-escalation (203025)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-10-25T00:00:00",
          "ID": "CVE-2021-29774",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.1"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "H",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6508583",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6508583"
            },
            {
              "name": "ibm-engineering-cve202129774-priv-escalation (203025)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29774",
    "datePublished": "2021-10-27T16:00:28.033842Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-17T02:10:50.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-8968 (GCVE-0-2016-8968)
Vulnerability from cvelistv5
Published
2017-02-15 19:00
Modified
2024-08-06 02:35
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515.
References
http://www.ibm.com/support/docview.wss?uid=swg21998515 x_refsource_CONFIRM
http://www.securitytracker.com/id/1037821 vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1037820 vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/96282 vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037822 vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1037823 vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
IBM Corporation Rational Collaborative Lifecycle Management Version: 3.0.1
Version: 4.0
Version: 3.0.1.6
Version: 4.0.1
Version: 4.0.2
Version: 4.0.3
Version: 4.0.4
Version: 4.0.5
Version: 4.0.6
Version: 5.0
Version: 4.0.7
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:35:02.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21998515"
          },
          {
            "name": "1037821",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037821"
          },
          {
            "name": "1037820",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037820"
          },
          {
            "name": "96282",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96282"
          },
          {
            "name": "1037822",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037822"
          },
          {
            "name": "1037823",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037823"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "status": "affected",
              "version": "3.0.1.6"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.4"
            },
            {
              "status": "affected",
              "version": "4.0.5"
            },
            {
              "status": "affected",
              "version": "4.0.6"
            },
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "4.0.7"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-24T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21998515"
        },
        {
          "name": "1037821",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037821"
        },
        {
          "name": "1037820",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037820"
        },
        {
          "name": "96282",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96282"
        },
        {
          "name": "1037822",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037822"
        },
        {
          "name": "1037823",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037823"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-8968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.1"
                          },
                          {
                            "version_value": "4.0"
                          },
                          {
                            "version_value": "3.0.1.6"
                          },
                          {
                            "version_value": "4.0.1"
                          },
                          {
                            "version_value": "4.0.2"
                          },
                          {
                            "version_value": "4.0.3"
                          },
                          {
                            "version_value": "4.0.4"
                          },
                          {
                            "version_value": "4.0.5"
                          },
                          {
                            "version_value": "4.0.6"
                          },
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "4.0.7"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21998515",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21998515"
            },
            {
              "name": "1037821",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037821"
            },
            {
              "name": "1037820",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037820"
            },
            {
              "name": "96282",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96282"
            },
            {
              "name": "1037822",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037822"
            },
            {
              "name": "1037823",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037823"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-8968",
    "datePublished": "2017-02-15T19:00:00",
    "dateReserved": "2016-10-25T00:00:00",
    "dateUpdated": "2024-08-06T02:35:02.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1281 (GCVE-0-2017-1281)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-16 16:38
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:27.880Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          },
          {
            "name": "ibm-rqm-cve20171281-xss(124759)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124759"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        },
        {
          "name": "ibm-rqm-cve20171281-xss(124759)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124759"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1281",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            },
            {
              "name": "ibm-rqm-cve20171281-xss(124759)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124759"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1281",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T16:38:07.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0862 (GCVE-0-2014-0862)
Vulnerability from cvelistv5
Published
2014-03-02 02:00
Modified
2024-08-06 09:27
Severity ?
CWE
  • n/a
Summary
Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rationalclm-cve20140862-rce(90895)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90895"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664566"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rationalclm-cve20140862-rce(90895)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90895"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664566"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0862",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rationalclm-cve20140862-rce(90895)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90895"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21664566",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664566"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0862",
    "datePublished": "2014-03-02T02:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1277 (GCVE-0-2017-1277)
Vulnerability from cvelistv5
Published
2018-07-03 19:00
Modified
2024-09-17 01:50
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752.
References
Impacted products
Vendor Product Version
IBM Rational Collaborative Lifecycle Management Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
   IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:28.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-rqm-cve20171277-xss(124752)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124752"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-prd-trops.events.ibm.com/node/715749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-rqm-cve20171277-xss(124752)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124752"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-prd-trops.events.ibm.com/node/715749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-28T00:00:00",
          "ID": "CVE-2017-1277",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-rqm-cve20171277-xss(124752)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124752"
            },
            {
              "name": "https://www-prd-trops.events.ibm.com/node/715749",
              "refsource": "CONFIRM",
              "url": "https://www-prd-trops.events.ibm.com/node/715749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1277",
    "datePublished": "2018-07-03T19:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T01:50:48.018Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1829 (GCVE-0-2018-1829)
Vulnerability from cvelistv5
Published
2019-03-14 22:00
Modified
2024-09-16 19:36
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CWE
  • Cross-site scripting
Summary
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432.
References
Impacted products
Vendor Product Version
IBM Rational Quality Manager Version: 5.0
Version: 5.0.1
Version: 5.0.2
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3
Version: 6.0.4
Version: 6.0.5
Version: 6.0.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
          },
          {
            "name": "ibm-rqm-cve20181829-xss(150432)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150432"
          },
          {
            "name": "107433",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107433"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "6.0.5"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            }
          ]
        }
      ],
      "datePublic": "2019-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-18T06:06:07",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
        },
        {
          "name": "ibm-rqm-cve20181829-xss(150432)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150432"
        },
        {
          "name": "107433",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107433"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-03-08T00:00:00",
          "ID": "CVE-2018-1829",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "5.0.2"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          },
                          {
                            "version_value": "6.0.4"
                          },
                          {
                            "version_value": "6.0.5"
                          },
                          {
                            "version_value": "6.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10875318",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
            },
            {
              "name": "ibm-rqm-cve20181829-xss(150432)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150432"
            },
            {
              "name": "107433",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107433"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1829",
    "datePublished": "2019-03-14T22:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T19:36:31.822Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2016-11-24 19:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21991478Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/94557
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21991478Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94557
Impacted products
Vendor Product Version
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_engineering_lifecycle_manager 4.0.0
ibm rational_engineering_lifecycle_manager 4.0.1
ibm rational_engineering_lifecycle_manager 4.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0.0
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_software_architect_design_manager 4.0.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF24F7E-C48D-42CE-98AD-71F042014B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4377F30-6FDD-4232-92A4-62832E08A934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B494B8-27DC-4FA4-BB86-1FEF51A2FA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EEA77B-8151-407C-A840-6E2334FF962B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC4C9D2-6799-44B5-AEF4-47DD3CC012FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2214FC95-71C7-4EB5-B924-9626D663E8FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Rational Collaborative Lifecycle Management 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Team Concert 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2016-0273",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-24T19:59:02.207",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/94557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94557"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-14 22:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150426.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10875318Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/107433Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/150426VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10875318Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107433Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/150426VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "430B8F05-0B96-409A-AAFD-4F73C3B12AEB",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35C8771-5A65-4497-842A-7FE25EEBB82C",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150426."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager, desde la versi\u00f3n 5.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 150426."
    }
  ],
  "id": "CVE-2018-1823",
  "lastModified": "2024-11-21T04:00:27.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-14T22:29:00.570",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107433"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150426"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/150429VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/150429VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rhapsody_model_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8AC12E-E329-49BA-A0A4-E3228C1C0EA7",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 es vulnerable a los scripts entre sitios. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podr\u00eda llevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n segura. ID de IBM X-Force: 150429."
    }
  ],
  "id": "CVE-2018-1826",
  "lastModified": "2024-11-21T04:00:27.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:10.097",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150429"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:43
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/159883VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/159883VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 podr\u00eda permitir a un atacante remoto atravesar directorios en el sistema. Un atacante podr\u00eda enviar una solicitud de URL especialmente dise\u00f1ada que contenga secuencias de \"dot dot\" (/../) para ver archivos arbitrarios en el sistema. ID de IBM X-Force: 159883."
    }
  ],
  "id": "CVE-2019-4252",
  "lastModified": "2024-11-21T04:43:22.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:10.737",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159883"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-06 14:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124355VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715709Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124355VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715709Permissions Required
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_team_concert *
ibm rational_team_concert 5.0.1
ibm rational_doors_next_generation *
ibm rational_doors_next_generation 5.0.1
ibm rational_quality_manager *
ibm rational_quality_manager 5.0.1
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager 5.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F41839-16F2-4DF0-851E-4549F906BB70",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C7E065-EAF0-4A4D-B6F8-A2705C287EE7",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C61916-4F4D-4DD3-8F09-F55322767C14",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E0686F-C62F-4A6A-861E-19467C8018A0",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BE1EAE-1C18-4FC0-A7FB-A58C011CF1F9",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355."
    },
    {
      "lang": "es",
      "value": "Las aplicaciones basadas en IBM Jazz son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 124355."
    }
  ],
  "id": "CVE-2017-1237",
  "lastModified": "2024-11-21T03:21:33.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-06T14:29:00.507",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124355"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715709"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-25 12:29
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22009296Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/101599Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124523VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22009296Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101599Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124523VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en aplicaciones basadas en Jazz Foundation de IBM podr\u00c3\u00ada permitir que se muestre informaci\u00c3\u00b3n de la traza de pila a un atacante. IBM X-Force ID: 124523."
    }
  ],
  "id": "CVE-2017-1241",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-25T12:29:00.297",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101599"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124523"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/152156VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/152156VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rhapsody_model_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8AC12E-E329-49BA-A0A4-E3228C1C0EA7",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 es vulnerable a los scripts entre sitios. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podr\u00eda llevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n segura. ID de IBM X-Force: 152156."
    }
  ],
  "id": "CVE-2018-1892",
  "lastModified": "2024-11-21T04:00:33.110",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:10.270",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152156"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-03 05:59
Modified
2025-04-12 10:46
Severity ?
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 allows local users to bypass intended access restrictions via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21973404Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21973404Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager 2.0
ibm rational_quality_manager 2.0.1
ibm rational_quality_manager 3.0
ibm rational_quality_manager 3.0.1
ibm rational_quality_manager 3.0.1.1
ibm rational_quality_manager 3.0.1.2
ibm rational_quality_manager 3.0.1.3
ibm rational_quality_manager 3.0.1.4
ibm rational_quality_manager 3.0.1.5
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_requirements_composer 2.0
ibm rational_requirements_composer 2.0.0.1
ibm rational_requirements_composer 2.0.0.2
ibm rational_requirements_composer 2.0.0.3
ibm rational_requirements_composer 2.0.0.4
ibm rational_requirements_composer 3.0
ibm rational_requirements_composer 3.0.1
ibm rational_requirements_composer 3.0.1.1
ibm rational_requirements_composer 3.0.1.2
ibm rational_requirements_composer 3.0.1.3
ibm rational_requirements_composer 3.0.1.4
ibm rational_requirements_composer 3.0.1.5
ibm rational_requirements_composer 3.0.1.6
ibm rational_requirements_composer 4.0
ibm rational_requirements_composer 4.0.0.1
ibm rational_requirements_composer 4.0.0.2
ibm rational_requirements_composer 4.0.1
ibm rational_requirements_composer 4.0.2
ibm rational_requirements_composer 4.0.3
ibm rational_requirements_composer 4.0.4
ibm rational_requirements_composer 4.0.5
ibm rational_requirements_composer 4.0.6
ibm rational_requirements_composer 4.0.7
ibm rational_engineering_lifecycle_manager 1.0
ibm rational_engineering_lifecycle_manager 1.0.0.1
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_collaborative_lifecycle_management 3.0.1
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_doors_next_generation 4.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_rhapsody_design_manager 3.0
ibm rational_rhapsody_design_manager 3.0.0.1
ibm rational_rhapsody_design_manager 3.0.1
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_team_concert 2.0
ibm rational_team_concert 2.0.0.1
ibm rational_team_concert 2.0.0.2
ibm rational_team_concert 3.0
ibm rational_team_concert 3.0.1
ibm rational_team_concert 3.0.1.1
ibm rational_team_concert 3.0.1.2
ibm rational_team_concert 3.0.1.3
ibm rational_team_concert 3.0.1.4
ibm rational_team_concert 3.0.1.5
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_software_architect_design_manager 3.0
ibm rational_software_architect_design_manager 3.0.0.1
ibm rational_software_architect_design_manager 3.0.1
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE0A31B-7A9B-40E6-8648-365D018BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71ECC4C2-BF61-47C7-8435-BE71F1AD0A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79E7EF2-5615-4300-BC0D-865DBDC8B46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59EB6D6-2A74-4988-912C-97045647F1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EAB61F7-B5B4-47E8-8BFD-02F025358781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93D8CAB-0DF0-4A1D-B1A3-78FF892D04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7204792C-1506-4E95-92CD-098F760FC429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FC134C-08AB-4874-B31D-B08CDF4C2DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1649F910-F8B9-4AAD-9743-C37B8784A771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E211DC-D0D7-4527-AE87-231A19D58C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AABE5F-C942-45BB-86A9-C3F2E949D64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A04D314-F6EB-41B9-945A-D8428D86B655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3717DCFC-1336-45EC-919C-E1CD1B37DA2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC743273-AD4B-4A14-9C0C-23A865A640C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3894CB-8DF7-4011-B47F-36485A2A6E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDFA1C-9C07-4744-95F9-93A2332E2F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D8C43B-C109-44E1-868F-7DC1289D9BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B30003D-1BF8-414D-9D6D-9D1B90D4EBB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B5AC6B-5DCB-458C-8267-6AF5CC9C3E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E21B53E-28C2-4930-88F3-3AADD1BF31B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E997305-EC48-42C4-9408-EE622818BA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF445BA2-BD53-43FB-BF1E-58510FC4FF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA18DE5C-904D-4FD0-A479-18314B170ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "890ABCC2-F417-4E6E-A0A8-7D485FAE3FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D0173BE-F9DE-4566-B060-095203FAACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4875C452-2466-45F1-8923-00E5340D74D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B15EF2E-A114-4128-85F1-889EDC3F6C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07F4E00-F0BA-4821-B5B4-3C0E9D01AAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80E49B8-8BC4-4150-B86A-A5E474F4E598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6915A8F-05A1-4D39-BF53-0C3F4B155A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E92346D-B1A8-43F8-B2C1-E69A3301560B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F081AEF5-3F0F-4D58-8BBE-EDB9C569CAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "44840CC3-5720-4AF8-B508-67AB5E3E1CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F65519B-90F8-4A17-BA94-FDFDE5BF8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5C2251-FB5D-4775-BDB8-6115732E6615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 allows local users to bypass intended access restrictions via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Rational LifeCycle Project Administration en Jazz Team Server en IBM Rational Collaborative Lifecycle Management (CLM) 3.x y 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Quality Manager (RQM) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Team Concert (RTC) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Requirements Composer (RRC) 3.x en versiones anteriores a 3.0.1.6 IF7 y 4.x en versiones anteriores a 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x hasta la versi\u00f3n 4.0.7, 5.x hasta la versi\u00f3n 5.0.2 y 6.x en versiones anteriores a 6.0.1; Rational Rhapsody Design Manager (DM) 4.x hasta la versi\u00f3n 4.0.7, 5.x hasta la versi\u00f3n 5.0.2 y 6.x en versiones anteriores a 6.0.1; y Rational Software Architect Design Manager (DM) 4.x hasta la versi\u00f3n 4.0.7, 5.x hasta la versi\u00f3n 5.0.2 y 6.x en versiones anteriores a 6.0.1 permite a usuarios locales eludir las restricciones de acceso previstas a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-4946",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-03T05:59:00.117",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-03 05:59
Modified
2025-04-12 10:46
Severity ?
3.5 (Low) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified project areas, which allows remote authenticated users to obtain sensitive information via unknown vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21973404Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21973404Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_rhapsody_design_manager 3.0
ibm rational_rhapsody_design_manager 3.0.0.1
ibm rational_rhapsody_design_manager 3.0.1
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_quality_manager 2.0
ibm rational_quality_manager 2.0.1
ibm rational_quality_manager 3.0
ibm rational_quality_manager 3.0.1
ibm rational_quality_manager 3.0.1.1
ibm rational_quality_manager 3.0.1.2
ibm rational_quality_manager 3.0.1.3
ibm rational_quality_manager 3.0.1.4
ibm rational_quality_manager 3.0.1.5
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_requirements_composer 2.0
ibm rational_requirements_composer 2.0.0.1
ibm rational_requirements_composer 2.0.0.2
ibm rational_requirements_composer 2.0.0.3
ibm rational_requirements_composer 2.0.0.4
ibm rational_requirements_composer 3.0
ibm rational_requirements_composer 3.0.1
ibm rational_requirements_composer 3.0.1.1
ibm rational_requirements_composer 3.0.1.2
ibm rational_requirements_composer 3.0.1.3
ibm rational_requirements_composer 3.0.1.4
ibm rational_requirements_composer 3.0.1.5
ibm rational_requirements_composer 3.0.1.6
ibm rational_requirements_composer 4.0
ibm rational_requirements_composer 4.0.0.1
ibm rational_requirements_composer 4.0.0.2
ibm rational_requirements_composer 4.0.1
ibm rational_requirements_composer 4.0.2
ibm rational_requirements_composer 4.0.3
ibm rational_requirements_composer 4.0.4
ibm rational_requirements_composer 4.0.5
ibm rational_requirements_composer 4.0.6
ibm rational_requirements_composer 4.0.7
ibm rational_engineering_lifecycle_manager 1.0
ibm rational_engineering_lifecycle_manager 1.0.0.1
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_software_architect_design_manager 3.0
ibm rational_software_architect_design_manager 3.0.0.1
ibm rational_software_architect_design_manager 3.0.1
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_collaborative_lifecycle_management 3.0.1
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_doors_next_generation 4.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_team_concert 2.0
ibm rational_team_concert 2.0.0.1
ibm rational_team_concert 2.0.0.2
ibm rational_team_concert 3.0
ibm rational_team_concert 3.0.1
ibm rational_team_concert 3.0.1.1
ibm rational_team_concert 3.0.1.2
ibm rational_team_concert 3.0.1.3
ibm rational_team_concert 3.0.1.4
ibm rational_team_concert 3.0.1.5
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF445BA2-BD53-43FB-BF1E-58510FC4FF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA18DE5C-904D-4FD0-A479-18314B170ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "890ABCC2-F417-4E6E-A0A8-7D485FAE3FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE0A31B-7A9B-40E6-8648-365D018BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71ECC4C2-BF61-47C7-8435-BE71F1AD0A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79E7EF2-5615-4300-BC0D-865DBDC8B46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59EB6D6-2A74-4988-912C-97045647F1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EAB61F7-B5B4-47E8-8BFD-02F025358781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93D8CAB-0DF0-4A1D-B1A3-78FF892D04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7204792C-1506-4E95-92CD-098F760FC429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FC134C-08AB-4874-B31D-B08CDF4C2DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1649F910-F8B9-4AAD-9743-C37B8784A771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E211DC-D0D7-4527-AE87-231A19D58C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AABE5F-C942-45BB-86A9-C3F2E949D64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A04D314-F6EB-41B9-945A-D8428D86B655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3717DCFC-1336-45EC-919C-E1CD1B37DA2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC743273-AD4B-4A14-9C0C-23A865A640C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3894CB-8DF7-4011-B47F-36485A2A6E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDFA1C-9C07-4744-95F9-93A2332E2F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D8C43B-C109-44E1-868F-7DC1289D9BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B30003D-1BF8-414D-9D6D-9D1B90D4EBB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B5AC6B-5DCB-458C-8267-6AF5CC9C3E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5C2251-FB5D-4775-BDB8-6115732E6615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E21B53E-28C2-4930-88F3-3AADD1BF31B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E997305-EC48-42C4-9408-EE622818BA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D0173BE-F9DE-4566-B060-095203FAACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4875C452-2466-45F1-8923-00E5340D74D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B15EF2E-A114-4128-85F1-889EDC3F6C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07F4E00-F0BA-4821-B5B4-3C0E9D01AAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80E49B8-8BC4-4150-B86A-A5E474F4E598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6915A8F-05A1-4D39-BF53-0C3F4B155A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E92346D-B1A8-43F8-B2C1-E69A3301560B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F081AEF5-3F0F-4D58-8BBE-EDB9C569CAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "44840CC3-5720-4AF8-B508-67AB5E3E1CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F65519B-90F8-4A17-BA94-FDFDE5BF8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified project areas, which allows remote authenticated users to obtain sensitive information via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Jazz Team Server en Jazz Foundation en IBM Rational Collaborative Lifecycle Management (CLM) 3.x y 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Quality Manager (RQM) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Team Concert (RTC) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Requirements Composer (RRC) 3.x en versiones anteriores a 3.0.1.6 IF7 y 4.x en versiones anteriores a 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF9 y 6.x en versiones anteriores a 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x hasta la versi\u00f3n 4.0.7, 5.x hasta la versi\u00f3n 5.0.2 y 6.x en versiones anteriores a 6.0.1; Rational Rhapsody Design Manager (DM) 4.x hasta la versi\u00f3n 4.0.7, 5.x hasta la versi\u00f3n 5.0.2 y 6.x en versiones anteriores a 6.0.1; y Rational Software Architect Design Manager (DM) 4.x hasta la versi\u00f3n 4.0.7, 5.x hasta la versi\u00f3n 5.0.2 y 6.x en versiones anteriores a 6.0.1 utiliza permisos d\u00e9biles para \u00e1reas de proyecto no especificadas, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2015-4962",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-03T05:59:01.430",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973404"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-06 14:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10716201Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/126231VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10716201Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/126231VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_collaborative_lifecycle_management *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C31818-990D-4CA2-8AB1-3039E447F2E8",
              "versionEndIncluding": "6.0.3",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 126231."
    },
    {
      "lang": "es",
      "value": "IBM Quality Manager (RQM) en versiones 5.0.x y desde la 6.0 hasta la 6.0.5 es vulnerable a inyecci\u00f3n HTML. Un atacante remoto podr\u00eda ejecutar c\u00f3digo HTML malicioso que, cuando se visualiza, se ejecutar\u00eda en el navegador web de la v\u00edctima en el contexto de seguridad del sitio anfitri\u00f3n. IBM X-Force ID: 126231."
    }
  ],
  "id": "CVE-2017-1329",
  "lastModified": "2024-11-21T03:21:43.657",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-06T14:29:00.757",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126231"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-10 16:29
Modified
2024-11-21 03:59
Severity ?
4.3 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10716599Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/140977Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10716599Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/140977Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60CEDB8-034B-45E2-9CD6-EDBAC42F8004",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559F0D7-DFB9-4CBB-8F64-EE7FE1B4DFE5",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C7E065-EAF0-4A4D-B6F8-A2705C287EE7",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64000F3-395D-4826-92DD-DB2489470462",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C61916-4F4D-4DD3-8F09-F55322767C14",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B07DA35D-2527-4DE8-97F1-9FC1C48255EE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E0686F-C62F-4A6A-861E-19467C8018A0",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1113669B-B338-4ABD-9A34-B57880020C84",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F767CA4-A024-44A4-A987-17057E1A6245",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BE1EAE-1C18-4FC0-A7FB-A58C011CF1F9",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server\u0027s failure to properly log out from the previous session. IBM X-Force ID: 140977."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation podr\u00edan permitir que un usuario con acceso f\u00edsico al sistema inicie sesi\u00f3n como otro usuario debido al error del servidor a la hora de cerrar la sesi\u00f3n anterior correctamente. IBM X-Force ID: 140977."
    }
  ],
  "id": "CVE-2018-1492",
  "lastModified": "2024-11-21T03:59:55.093",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-10T16:29:00.643",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716599"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140977"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-27 16:15
Modified
2024-11-21 06:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/203025VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/203025VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 7.0.1
ibm engineering_lifecycle_optimization 7.0.2
ibm engineering_workflow_management 6.0.6
ibm engineering_workflow_management 6.0.6.1
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_engineering_lifecycle_manager 7.0.1
ibm rational_engineering_lifecycle_manager 7.0.2
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1
ibm rational_team_concert 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA5B410-20C9-4B68-87C1-C0ECA72041E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA73A7F-6455-40C1-BF2E-EA4832D788AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3346A2-D576-48D5-A79A-773F127DB75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A1FE3-0E4A-4D97-9C3D-923507A732A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A347BB4B-5E33-4F4E-9BDB-476DC2F79268",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Team Server podr\u00edan permitir a un usuario autenticado alcanzar privilegios elevados bajo determinadas configuraciones. IBM X-Force ID: 203025"
    }
  ],
  "id": "CVE-2021-29774",
  "lastModified": "2024-11-21T06:01:47.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-27T16:15:07.520",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131764.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/131764Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/131764Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131764."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 131764."
    }
  ],
  "id": "CVE-2017-1564",
  "lastModified": "2024-11-21T03:22:05.400",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.167",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131764"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132493.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/132493VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/132493VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132493."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 132493."
    }
  ],
  "id": "CVE-2017-1592",
  "lastModified": "2024-11-21T03:22:06.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.293",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132493"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-06-07 18:59
Modified
2025-04-12 10:46
Severity ?
Summary
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21957763Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21957763Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_requirements_composer 2.0
ibm rational_requirements_composer 2.0.0.1
ibm rational_requirements_composer 2.0.0.2
ibm rational_requirements_composer 2.0.0.3
ibm rational_requirements_composer 2.0.0.4
ibm rational_requirements_composer 3.0
ibm rational_requirements_composer 3.0.1
ibm rational_requirements_composer 3.0.1.1
ibm rational_requirements_composer 3.0.1.2
ibm rational_requirements_composer 3.0.1.3
ibm rational_requirements_composer 3.0.1.4
ibm rational_requirements_composer 3.0.1.5
ibm rational_requirements_composer 3.0.1.6
ibm rational_requirements_composer 3.5
ibm rational_requirements_composer 4.0
ibm rational_requirements_composer 4.0.0
ibm rational_requirements_composer 4.0.0.1
ibm rational_requirements_composer 4.0.0.2
ibm rational_requirements_composer 4.0.1
ibm rational_requirements_composer 4.0.2
ibm rational_requirements_composer 4.0.3
ibm rational_requirements_composer 4.0.4
ibm rational_requirements_composer 4.0.5
ibm rational_requirements_composer 4.0.6
ibm rational_requirements_composer 4.0.7
ibm rhapsody_design_manager 3.0.0
ibm rhapsody_design_manager 3.0.0.1
ibm rhapsody_design_manager 3.0.1
ibm rhapsody_design_manager 4.0.0
ibm rhapsody_design_manager 4.0.1
ibm rhapsody_design_manager 4.0.2
ibm rhapsody_design_manager 4.0.3
ibm rhapsody_design_manager 4.0.4
ibm rhapsody_design_manager 4.0.5
ibm rhapsody_design_manager 4.0.6
ibm rhapsody_design_manager 4.0.7
ibm rhapsody_design_manager 5.0
ibm rhapsody_design_manager 5.0.2
ibm rational_requirements_composer 2.0
ibm rational_requirements_composer 2.0.0.1
ibm rational_requirements_composer 2.0.0.2
ibm rational_requirements_composer 2.0.0.3
ibm rational_requirements_composer 2.0.0.4
ibm rational_requirements_composer 3.0
ibm rational_requirements_composer 3.0.1
ibm rational_requirements_composer 3.0.1.1
ibm rational_requirements_composer 3.0.1.2
ibm rational_requirements_composer 3.0.1.3
ibm rational_requirements_composer 3.0.1.4
ibm rational_requirements_composer 3.0.1.5
ibm rational_requirements_composer 3.0.1.6
ibm rational_requirements_composer 3.5
ibm rational_requirements_composer 4.0
ibm rational_requirements_composer 4.0.0
ibm rational_requirements_composer 4.0.0.1
ibm rational_requirements_composer 4.0.0.2
ibm rational_requirements_composer 4.0.1
ibm rational_requirements_composer 4.0.2
ibm rational_requirements_composer 4.0.3
ibm rational_requirements_composer 4.0.4
ibm rational_requirements_composer 4.0.5
ibm rational_requirements_composer 4.0.6
ibm rational_requirements_composer 4.0.7
ibm rational_team_concert 2.0
ibm rational_team_concert 2.0.0.1
ibm rational_team_concert 2.0.0.2
ibm rational_team_concert 3.0
ibm rational_team_concert 3.0.1
ibm rational_team_concert 3.0.1.1
ibm rational_team_concert 3.0.1.2
ibm rational_team_concert 3.0.1.3
ibm rational_team_concert 3.0.1.4
ibm rational_team_concert 3.0.1.5
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_quality_manager 2.0
ibm rational_quality_manager 2.0.0.1
ibm rational_quality_manager 2.0.0.2
ibm rational_quality_manager 2.0.1
ibm rational_quality_manager 3.0
ibm rational_quality_manager 3.0.1
ibm rational_quality_manager 3.0.1.1
ibm rational_quality_manager 3.0.1.2
ibm rational_quality_manager 3.0.1.3
ibm rational_quality_manager 3.0.1.4
ibm rational_quality_manager 3.0.1.5
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.2
ibm rational_software_architect_design_manager 3.0.0
ibm rational_software_architect_design_manager 3.0.0.1
ibm rational_software_architect_design_manager 3.0.1
ibm rational_software_architect_design_manager 4.0.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_collaborative_lifecycle_management 3.0.1
ibm rational_collaborative_lifecycle_management 3.0.1.1
ibm rational_collaborative_lifecycle_management 3.0.1.2
ibm rational_collaborative_lifecycle_management 3.0.1.3
ibm rational_collaborative_lifecycle_management 3.0.1.4
ibm rational_collaborative_lifecycle_management 3.0.1.5
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_engineering_lifecycle_manager 1.0
ibm rational_engineering_lifecycle_manager 1.0.0.1
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E211DC-D0D7-4527-AE87-231A19D58C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AABE5F-C942-45BB-86A9-C3F2E949D64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A04D314-F6EB-41B9-945A-D8428D86B655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3717DCFC-1336-45EC-919C-E1CD1B37DA2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC743273-AD4B-4A14-9C0C-23A865A640C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0795E4AC-CFB9-447A-BDB0-7C7AA3799CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3894CB-8DF7-4011-B47F-36485A2A6E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6342F6-709A-4043-A879-57E9C7232C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDFA1C-9C07-4744-95F9-93A2332E2F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D8C43B-C109-44E1-868F-7DC1289D9BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "528AE2DE-49A1-4E4B-9CF5-A3D0C30E47F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5334F84-3E99-47B7-808F-8BF26A98A755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0629DA-AD85-4FC2-8118-98E8CC94D1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4166464B-D163-4D94-AF3F-2504E109281E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A10011-CED4-45E0-B53E-72DD7B977746",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E1F8E-8B98-444E-9FE0-AC7CB508829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B67C8F-9FDF-490B-8173-01CAFE0D79C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "305F6730-1FA4-4256-9190-653302CDAA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42AF422E-1E9B-4A77-A65A-61BF01338554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EE7242E-4E09-43F7-BC2D-993465CE324B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F0D2BD8-3DD8-4DAD-BDDF-6F5D8C73AA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9F8754-B1A3-4261-B879-8E02FADFE4FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84620B49-B887-4A87-A2EF-6E763AB4E9D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E211DC-D0D7-4527-AE87-231A19D58C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AABE5F-C942-45BB-86A9-C3F2E949D64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A04D314-F6EB-41B9-945A-D8428D86B655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3717DCFC-1336-45EC-919C-E1CD1B37DA2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC743273-AD4B-4A14-9C0C-23A865A640C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0795E4AC-CFB9-447A-BDB0-7C7AA3799CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3894CB-8DF7-4011-B47F-36485A2A6E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6342F6-709A-4043-A879-57E9C7232C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDFA1C-9C07-4744-95F9-93A2332E2F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D8C43B-C109-44E1-868F-7DC1289D9BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D0173BE-F9DE-4566-B060-095203FAACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4875C452-2466-45F1-8923-00E5340D74D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B15EF2E-A114-4128-85F1-889EDC3F6C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07F4E00-F0BA-4821-B5B4-3C0E9D01AAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80E49B8-8BC4-4150-B86A-A5E474F4E598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6915A8F-05A1-4D39-BF53-0C3F4B155A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E92346D-B1A8-43F8-B2C1-E69A3301560B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F081AEF5-3F0F-4D58-8BBE-EDB9C569CAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "44840CC3-5720-4AF8-B508-67AB5E3E1CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F65519B-90F8-4A17-BA94-FDFDE5BF8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE0A31B-7A9B-40E6-8648-365D018BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A9E54DB-5CB0-4289-B1A7-EA82494A8FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B2944B8-BFD1-4184-8E49-69385DD0C0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71ECC4C2-BF61-47C7-8435-BE71F1AD0A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79E7EF2-5615-4300-BC0D-865DBDC8B46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59EB6D6-2A74-4988-912C-97045647F1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EAB61F7-B5B4-47E8-8BFD-02F025358781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93D8CAB-0DF0-4A1D-B1A3-78FF892D04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7204792C-1506-4E95-92CD-098F760FC429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FC134C-08AB-4874-B31D-B08CDF4C2DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1649F910-F8B9-4AAD-9743-C37B8784A771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FE2858-B570-444A-BEEB-6FF9CD84E394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E21B53E-28C2-4930-88F3-3AADD1BF31B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2CAB1D-B5AB-42D2-8F35-52C6F64EC0FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71816D92-AC01-4F7D-A878-7280175BB422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D17CA5-2B63-4914-9DBF-5861F69B5238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D3B001F-0031-4BED-9A49-B9589EC9E5CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8CED8F4-22A6-4945-A21F-0D399BE661F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B30003D-1BF8-414D-9D6D-9D1B90D4EBB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B5AC6B-5DCB-458C-8267-6AF5CC9C3E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "Jazz Team Server en Jazz Foundation en  Rational Collaborative Lifecycle Management (CLM) de IBM versi\u00f3n 3.0.1, versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Quality Manager (RQM) versiones  2.0 hasta 2.0.1, versiones 3.0 hasta 3.0.1.6, versiones 4.0 hasta 4.0.7, y versiones  5.0 hasta 5.0.2; Rational Team Concert (RTC) versiones 2.0 hasta 2.0.0.2, versiones 3.x y anteriores a 3.0.1.6 IF6, versiones 4.x y anteriores a 4.0.7 IF5, y versiones 5.x y anteriores a 5.0.2 IF4; Rational Requirements Composer (RRC) versiones 2.0 hasta 2.0.0.4, versiones 3.x y anteriores a 3.0.1.6 IF6, y versiones 4.0 hasta 4.0.7; Rational DOORS Next Generation (RDNG) versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) versiones 1.0 hasta 1.0.0.1, versiones 4.0.3 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; Rational Rhapsody Design Manager (DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; y Rational Software Architect Design Manager (RSA DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2, permite a los usuarios autenticados remotos leer archivos arbitrarios por medio de una declaraci\u00f3n de  tipo XML external entity en conjunto con una referencia de entidad, relacionada con un problema de tipo XML External Entity (XXE)."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
  "id": "CVE-2015-0112",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-07T18:59:03.470",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-25 12:29
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22009296Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/101586Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/123036VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22009296Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101586Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/123036VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation es vulnerable a Cross-Site Scripting (XSS) Esta vulnerabilidad permite que los usuarios embeban c\u00c3\u00b3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades planeadas. Esto podr\u00c3\u00ada dar lugar a una revelaci\u00c3\u00b3n de credenciales en una sesi\u00c3\u00b3n de confianza. IBM X-Force ID: 123036."
    }
  ],
  "id": "CVE-2017-1164",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-25T12:29:00.220",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101586"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123036"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2025-04-20 01:37
Severity ?
5.0 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/95115Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=swg21996097Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/95115Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=swg21996097Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation podr\u00edan permitir a un usuario autenticado asumir el control de un usuario previamente registrado debido a que la expiraci\u00f3n de sesi\u00f3n no est\u00e1 forzada."
    }
  ],
  "id": "CVE-2016-6040",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:01.817",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95115"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:43
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Mailing List, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/159647VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/159647VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 es vulnerable a los scripts entre sitios. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podr\u00eda llevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n segura. ID de IBM X-Force: 159647."
    }
  ],
  "id": "CVE-2019-4249",
  "lastModified": "2024-11-21T04:43:22.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:10.627",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159647"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133088.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/133088Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/133088Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133088."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 133088."
    }
  ],
  "id": "CVE-2017-1621",
  "lastModified": "2024-11-21T03:22:08.897",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.387",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133088"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124752VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124752VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 124752."
    }
  ],
  "id": "CVE-2017-1277",
  "lastModified": "2024-11-21T03:21:37.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.417",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124752"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124630VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124630VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 124630."
    }
  ],
  "id": "CVE-2017-1250",
  "lastModified": "2024-11-21T03:21:34.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.277",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124630"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-12-11 21:29
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22010627Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/129619Issue Tracking, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22010627Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/129619Issue Tracking, VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_team_concert 6.0.4
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.3
ibm rational_doors_next_generation 6.0.4
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.3
ibm rational_engineering_lifecycle_manager 6.0.4
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.3
ibm rational_rhapsody_design_manager 6.0.4
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C98336-97F8-4263-A801-D6F5673CB17A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "141B7F93-4A02-4A60-94F1-A6D9A80A4889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27404EC5-26B2-490E-8211-09783FEF084C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A158959-BD73-40D2-BB26-537D8ACBF7A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D97FEF-5C37-47EC-9B25-F05B9C5B03BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1443C0B-D85D-4A8C-AB00-E092097D93EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BEB8AD-ACD5-4F5B-8C95-8C1EA8BFE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57DF8BD-34A6-481A-902A-8E1D190201FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation Products podr\u00eda revelar informaci\u00f3n sensible durante un escaneo que podr\u00eda conducir a m\u00e1s ataques contra el sistema. IBM X-Force ID: 129619."
    }
  ],
  "id": "CVE-2017-1507",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-11T21:29:00.327",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010627"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129619"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-15 19:59
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg21998515Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/96282
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037820
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037821
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037822
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037823
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg21998515Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/96282
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037820
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037821
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037822
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037823
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation es vulnerable a las secuencias de comandos en sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario de la Web alterando as\u00ed funcionalidad prevista conduciendo potencialmente a la divulgaci\u00f3n de crecenciales dentro de una sesi\u00f3n de confianza. IBM Referencia #: 1998515."
    }
  ],
  "id": "CVE-2016-8968",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-15T19:59:01.097",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21998515"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/96282"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037820"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037821"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037822"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21998515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/96282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037823"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125154VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125154VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 125154."
    }
  ],
  "id": "CVE-2017-1293",
  "lastModified": "2024-11-21T03:21:39.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.557",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125154"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131765.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/131765Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/131765Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131765."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 131765."
    }
  ],
  "id": "CVE-2017-1565",
  "lastModified": "2024-11-21T03:22:05.523",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.217",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131765"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/150431VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/150431VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rhapsody_model_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8AC12E-E329-49BA-A0A4-E3228C1C0EA7",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 es vulnerable a los scripts entre sitios. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podr\u00eda llevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n segura. ID de IBM X-Force: 150431."
    }
  ],
  "id": "CVE-2018-1828",
  "lastModified": "2024-11-21T04:00:28.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:10.207",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150431"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-15 22:29
Modified
2024-11-21 02:36
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21982747Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/108098VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21982747Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/108098VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_requirements_composer *
ibm rational_requirements_composer *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5103D1D-DC6C-40CE-8092-5102E8F10A6E",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "3.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEF02561-E60D-4577-B4AB-D2085B3599F1",
              "versionEndIncluding": "3.0.1.6",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1C422A-3D5F-48B1-BC6E-954D1AFA34F9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "748629D9-94EA-4A8C-84D9-16AD00442C05",
              "versionEndIncluding": "3.0.6",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CDEB94-002E-479A-A055-F3FD38D3AE41",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C054AA-DA70-431C-A410-01671854C0D0",
              "versionEndIncluding": "3.0.1.6",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAE640E-7342-44B0-8C02-97EE71ECAD91",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B3D3092-A570-45DE-9CD4-72E01787D189",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA536CF-BF5F-42F1-8F7A-7850E4AC9319",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19611ED3-74F3-4124-A334-09A66A9274A9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D29F101-F08E-42A1-B7F2-1BD982F81221",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management (CLM) en versiones 3.0.1 anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x anteriores a 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6 y 4.0.7 anteriores a iFix10, 5.0.x anteriores a 5.0.2 iFix1 y 6.0.x anteriores a 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4 podr\u00edan permitir que los usuarios locales obtengan privilegios mediante vectores sin especificar. IBM X-Force ID: 108098."
    }
  ],
  "id": "CVE-2015-7440",
  "lastModified": "2024-11-21T02:36:47.680",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-15T22:29:00.230",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108098"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-11-25 20:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21993444Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/94146
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037276
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037277
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037278
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037279
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21993444Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94146
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037276
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037277
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037278
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037279
Impacted products
Vendor Product Version
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_engineering_lifecycle_manager 4.0.0
ibm rational_engineering_lifecycle_manager 4.0.1
ibm rational_engineering_lifecycle_manager 4.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0.0
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_software_architect_design_manager 4.0.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2214FC95-71C7-4EB5-B924-9626D663E8FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF24F7E-C48D-42CE-98AD-71F042014B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4377F30-6FDD-4232-92A4-62832E08A934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B494B8-27DC-4FA4-BB86-1FEF51A2FA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EEA77B-8151-407C-A840-6E2334FF962B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC4C9D2-6799-44B5-AEF4-47DD3CC012FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2016-2926",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-25T20:59:06.203",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993444"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/94146"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037276"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037277"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037278"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037279"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-27 16:15
Modified
2024-11-21 06:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/203172VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/203172VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 7.0
ibm engineering_lifecycle_optimization 7.0.1
ibm engineering_lifecycle_optimization 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF5602-8FB3-445E-AD29-D340CF0B5C33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Team Server almacenan las credenciales de usuario en texto sin cifrar que puede leer un usuario autenticado. IBM X-Force ID: 203172"
    }
  ],
  "id": "CVE-2021-29786",
  "lastModified": "2024-11-21T06:01:48.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-27T16:15:07.567",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-06-13 19:29
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22004534Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/120659VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22004534Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/120659VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_doors_next_generation 4.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.3
ibm rational_engineering_lifecycle_manager 4.0
ibm rational_engineering_lifecycle_manager 4.0.1
ibm rational_engineering_lifecycle_manager 4.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.3
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.3
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2
ibm rational_software_architect_design_manager 6.0.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E997305-EC48-42C4-9408-EE622818BA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "141B7F93-4A02-4A60-94F1-A6D9A80A4889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27404EC5-26B2-490E-8211-09783FEF084C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70C56C7-7811-40F6-BBBD-93E022393041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4377F30-6FDD-4232-92A4-62832E08A934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B494B8-27DC-4FA4-BB86-1FEF51A2FA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D97FEF-5C37-47EC-9B25-F05B9C5B03BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BEB8AD-ACD5-4F5B-8C95-8C1EA8BFE815",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F267A6E4-93BE-43A0-B7EE-04B8143FB0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659."
    },
    {
      "lang": "es",
      "value": "Jazz Foundation de IBM, podr\u00eda exponer informaci\u00f3n potencialmente confidencial a los usuarios autenticados por medio de condiciones de error de rastreo de pila. ID de IBM X-Force: 120659."
    }
  ],
  "id": "CVE-2017-1099",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-13T19:29:00.237",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004534"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120659"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-03 00:59
Modified
2025-04-12 10:46
Severity ?
4.3 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0; and Rational Software Architect Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote attackers to cause a denial of service via unknown vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21971164Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21971164Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager 2.0
ibm rational_quality_manager 2.0.1
ibm rational_quality_manager 3.0
ibm rational_quality_manager 3.0.1
ibm rational_quality_manager 3.0.1.1
ibm rational_quality_manager 3.0.1.2
ibm rational_quality_manager 3.0.1.3
ibm rational_quality_manager 3.0.1.4
ibm rational_quality_manager 3.0.1.5
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_engineering_lifecycle_manager 1.0
ibm rational_engineering_lifecycle_manager 1.0.0.1
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_team_concert 2.0
ibm rational_team_concert 2.0.0.1
ibm rational_team_concert 2.0.0.2
ibm rational_team_concert 3.0
ibm rational_team_concert 3.0.1
ibm rational_team_concert 3.0.1.1
ibm rational_team_concert 3.0.1.2
ibm rational_team_concert 3.0.1.3
ibm rational_team_concert 3.0.1.4
ibm rational_team_concert 3.0.1.5
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_software_architect_design_manager 3.0
ibm rational_software_architect_design_manager 3.0.0.1
ibm rational_software_architect_design_manager 3.0.1
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_doors_next_generation 4.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_requirements_composer 2.0
ibm rational_requirements_composer 2.0.0.1
ibm rational_requirements_composer 2.0.0.2
ibm rational_requirements_composer 2.0.0.3
ibm rational_requirements_composer 2.0.0.4
ibm rational_requirements_composer 3.0
ibm rational_requirements_composer 3.0.1
ibm rational_requirements_composer 3.0.1.1
ibm rational_requirements_composer 3.0.1.2
ibm rational_requirements_composer 3.0.1.3
ibm rational_requirements_composer 3.0.1.4
ibm rational_requirements_composer 3.0.1.5
ibm rational_requirements_composer 3.0.1.6
ibm rational_requirements_composer 4.0
ibm rational_requirements_composer 4.0.0.1
ibm rational_requirements_composer 4.0.0.2
ibm rational_requirements_composer 4.0.1
ibm rational_requirements_composer 4.0.2
ibm rational_requirements_composer 4.0.3
ibm rational_requirements_composer 4.0.4
ibm rational_requirements_composer 4.0.5
ibm rational_requirements_composer 4.0.6
ibm rational_requirements_composer 4.0.7
ibm rational_rhapsody_design_manager 3.0
ibm rational_rhapsody_design_manager 3.0.0.1
ibm rational_rhapsody_design_manager 3.0.1
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_collaborative_lifecycle_management 3.0.1
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE0A31B-7A9B-40E6-8648-365D018BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71ECC4C2-BF61-47C7-8435-BE71F1AD0A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79E7EF2-5615-4300-BC0D-865DBDC8B46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59EB6D6-2A74-4988-912C-97045647F1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EAB61F7-B5B4-47E8-8BFD-02F025358781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93D8CAB-0DF0-4A1D-B1A3-78FF892D04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7204792C-1506-4E95-92CD-098F760FC429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FC134C-08AB-4874-B31D-B08CDF4C2DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1649F910-F8B9-4AAD-9743-C37B8784A771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B30003D-1BF8-414D-9D6D-9D1B90D4EBB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B5AC6B-5DCB-458C-8267-6AF5CC9C3E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D0173BE-F9DE-4566-B060-095203FAACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4875C452-2466-45F1-8923-00E5340D74D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B15EF2E-A114-4128-85F1-889EDC3F6C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07F4E00-F0BA-4821-B5B4-3C0E9D01AAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80E49B8-8BC4-4150-B86A-A5E474F4E598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6915A8F-05A1-4D39-BF53-0C3F4B155A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E92346D-B1A8-43F8-B2C1-E69A3301560B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F081AEF5-3F0F-4D58-8BBE-EDB9C569CAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "44840CC3-5720-4AF8-B508-67AB5E3E1CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F65519B-90F8-4A17-BA94-FDFDE5BF8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5C2251-FB5D-4775-BDB8-6115732E6615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E997305-EC48-42C4-9408-EE622818BA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E211DC-D0D7-4527-AE87-231A19D58C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AABE5F-C942-45BB-86A9-C3F2E949D64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A04D314-F6EB-41B9-945A-D8428D86B655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3717DCFC-1336-45EC-919C-E1CD1B37DA2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC743273-AD4B-4A14-9C0C-23A865A640C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3894CB-8DF7-4011-B47F-36485A2A6E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDFA1C-9C07-4744-95F9-93A2332E2F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D8C43B-C109-44E1-868F-7DC1289D9BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF445BA2-BD53-43FB-BF1E-58510FC4FF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA18DE5C-904D-4FD0-A479-18314B170ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "890ABCC2-F417-4E6E-A0A8-7D485FAE3FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E21B53E-28C2-4930-88F3-3AADD1BF31B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0; and Rational Software Architect Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote attackers to cause a denial of service via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Jazz Team Server en Jazz Foundation en IBM Rational Collaborative Lifecycle Management (CLM) 3.x y 4.x en versiones anteriores a 4.0.7 IF8 y 5.x en versiones anteriores a 5.0.2 IF10; Rational Quality Manager (RQM) 2.x y 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF8 y 5.x en versiones anteriores a 5.0.2 IF10; Rational Team Concert (RTC) 2.x y 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF8 y 5.x en versiones anteriores a 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x y 3.x en versiones anteriores a 3.0.1.6 IF7 y 4.0 hasta la versi\u00f3n 4.0.7; Rational DOORS Next Generation (RDNG) 4.x en versiones anteriores a 4.0.7 IF8 y 5.x en versiones anteriores a 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 hasta la versi\u00f3n 1.0.0.1, 4.0.3 hasta la versi\u00f3n 4.0.7 y 5.0 hasta la versi\u00f3n 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 hasta la versi\u00f3n 3.0.1, 4.0 hasta la versi\u00f3n 4.0.7, 5.0 hasta la versi\u00f3n 5.0.2 y 6.0 y Rational Software Architect Design Manager (DM) 3.0 hasta la versi\u00f3n 3.0.1, 4.0 hasta la versi\u00f3n 4.0.7 y 5.0 hasta la versi\u00f3n 5.0.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2015-1971",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-03T00:59:00.113",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971164"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125723Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125723Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 125723."
    }
  ],
  "id": "CVE-2017-1312",
  "lastModified": "2024-11-21T03:21:41.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.760",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125723"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-27 21:29
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22010512Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/102020Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/131852Issue Tracking, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22010512Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102020Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/131852Issue Tracking, VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_team_concert 6.0.4
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.3
ibm rational_doors_next_generation 6.0.4
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.3
ibm rational_engineering_lifecycle_manager 6.0.4
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.3
ibm rational_rhapsody_design_manager 6.0.4
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C98336-97F8-4263-A801-D6F5673CB17A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "141B7F93-4A02-4A60-94F1-A6D9A80A4889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27404EC5-26B2-490E-8211-09783FEF084C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A158959-BD73-40D2-BB26-537D8ACBF7A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D97FEF-5C37-47EC-9B25-F05B9C5B03BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1443C0B-D85D-4A8C-AB00-E092097D93EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BEB8AD-ACD5-4F5B-8C95-8C1EA8BFE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57DF8BD-34A6-481A-902A-8E1D190201FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation podr\u00edan permitir que un usuario autenticado obtenga informaci\u00f3n sensible de seguimientos de pila. IBM X-Force ID: 131852."
    }
  ],
  "id": "CVE-2017-1570",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-27T21:29:00.503",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102020"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131852"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-05 17:29
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22004611Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/99352Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.securitytracker.com/id/1038912
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/119821Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22004611Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99352Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038912
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/119821Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821."
    },
    {
      "lang": "es",
      "value": "IBM Team Concert (RTC) versiones 4.0, 5.0 y 6.0, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, y por lo tanto, alterar la funcionalidad deseada conllevando potencialmente a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 119821."
    }
  ],
  "id": "CVE-2016-9746",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-05T17:29:00.247",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99352"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1038912"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119821"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/95110Technical Description, VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=swg21996097Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/95110Technical Description, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=swg21996097Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-6030",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:01.737",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Technical Description",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95110"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-23 13:29
Modified
2024-11-21 03:22
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22015454Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/134393VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22015454Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/134393VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_team_concert *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60CEDB8-034B-45E2-9CD6-EDBAC42F8004",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559F0D7-DFB9-4CBB-8F64-EE7FE1B4DFE5",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8934D3C7-2C1C-4BE0-B3F5-320364879DC3",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393."
    },
    {
      "lang": "es",
      "value": "IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4 y 6.0.5 almacena credenciales para los usuarios mediante un algoritmo de cifrado d\u00e9bil, lo que podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n altamente sensible. IBM X-Force ID: 134393."
    }
  ],
  "id": "CVE-2017-1701",
  "lastModified": "2024-11-21T03:22:14.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-23T13:29:00.357",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22015454"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22015454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134393"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-05 18:29
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22005435Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/119528Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22005435Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/119528Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_doors_next_generation 4.0
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.3
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.3
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.3
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC4C9D2-6799-44B5-AEF4-47DD3CC012FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E997305-EC48-42C4-9408-EE622818BA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27404EC5-26B2-490E-8211-09783FEF084C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EEA77B-8151-407C-A840-6E2334FF962B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D97FEF-5C37-47EC-9B25-F05B9C5B03BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2214FC95-71C7-4EB5-B924-9626D663E8FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BEB8AD-ACD5-4F5B-8C95-8C1EA8BFE815",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation podr\u00eda permitir a un atacante autenticado obtener informaci\u00f3n confidencial de los rastreos de la pila de los mensajes de error. IBM X-Force ID: 119528."
    }
  ],
  "id": "CVE-2016-9700",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-05T18:29:00.187",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005435"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22005435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-06-22 18:29
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22004734Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/99189Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/119822VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22004734Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99189Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/119822VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EEA77B-8151-407C-A840-6E2334FF962B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "RELM versiones 4.0, 5.0 y 6.0 de IBM, es vulnerable a un problema de tipo cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando la funcionalidad deseada conllevando a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-9747",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-22T18:29:00.177",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004734"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99189"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119822"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-24 14:29
Modified
2024-11-21 03:22
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22015635Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/134392VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22015635Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/134392VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F8C5C0-7688-42E8-862B-3CB138274858",
              "versionEndIncluding": "6.0.5",
              "versionStartExcluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64000F3-395D-4826-92DD-DB2489470462",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE15C4BA-1322-4EF3-83D3-F78B9D37E81C",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F767CA4-A024-44A4-A987-17057E1A6245",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B398352-76E1-4727-B34C-620F26CBD5BF",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B07DA35D-2527-4DE8-97F1-9FC1C48255EE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2601D1-4D55-4B4A-9CED-CF736270E63F",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1113669B-B338-4ABD-9A34-B57880020C84",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559F0D7-DFB9-4CBB-8F64-EE7FE1B4DFE5",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8934D3C7-2C1C-4BE0-B3F5-320364879DC3",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Team Server afecta a los siguientes productos IBM Rational: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) y Rational Software Architect (RSA DM), que podr\u00edan permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio (DoS) debido a la autorizaci\u00f3n incorrecta para los escenarios que emplean una cantidad intensa de recursos. IBM X-Force ID: 134392."
    }
  ],
  "id": "CVE-2017-1700",
  "lastModified": "2024-11-21T03:22:14.527",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-24T14:29:00.233",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134392"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-07-15 18:59
Modified
2025-04-12 10:46
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21985865Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/91680
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21985865Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/91680
Impacted products
Vendor Product Version
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request."
    },
    {
      "lang": "es",
      "value": "El componente GIT Integration en IBM Rational Team Concert (RTC) 5.x en versiones anteriores a 5.0.2 iFix14 y 6.x en versiones anteriores a 6.0.1 iFix5 y Rational Collaborative Lifecycle Management 5.x en versiones anteriores a 5.0.2 iFix14 y 6.x en versiones anteriores a 6.0.1 iFix5 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n mal formada."
    }
  ],
  "id": "CVE-2016-2865",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-15T18:59:07.170",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985865"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/91680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/91680"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-10-02 15:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10732477Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/142956VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10732477Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/142956VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "430B8F05-0B96-409A-AAFD-4F73C3B12AEB",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64000F3-395D-4826-92DD-DB2489470462",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DDB2D08-0405-4BFD-9DBE-0AD8589B18FF",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F767CA4-A024-44A4-A987-17057E1A6245",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B94E0D8-F300-489B-B93F-D523D39339AC",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC59848F-DC84-4972-8E46-BFC3C4A4D744",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B07DA35D-2527-4DE8-97F1-9FC1C48255EE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B54872-B61C-494F-8571-A4DED9968F6E",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1113669B-B338-4ABD-9A34-B57880020C84",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559F0D7-DFB9-4CBB-8F64-EE7FE1B4DFE5",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D821046E-96CB-46DF-AAD7-6A42C73C5055",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management, de la versi\u00f3n 5.0 a la 5.02 y desde la versi\u00f3n 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 142956."
    }
  ],
  "id": "CVE-2018-1558",
  "lastModified": "2024-11-21T04:00:01.043",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-02T15:29:02.283",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10732477"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10732477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142956"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/152157VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/152157VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rhapsody_model_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8AC12E-E329-49BA-A0A4-E3228C1C0EA7",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 es vulnerable a los scripts entre sitios. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podr\u00eda llevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n segura. ID de IBM X-Force: 152157."
    }
  ],
  "id": "CVE-2018-1893",
  "lastModified": "2024-11-21T04:00:33.247",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:10.317",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152157"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-19 16:15
Modified
2024-11-21 05:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/198235VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6473141Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/198235VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6473141Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 7.0
ibm engineering_lifecycle_optimization 7.0.1
ibm engineering_lifecycle_optimization 7.0.2
ibm engineering_requirements_quality_assistant_on-premises -
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_engineering_lifecycle_manager 7.0.1
ibm rational_engineering_lifecycle_manager 7.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF5602-8FB3-445E-AD29-D340CF0B5C33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D75A41A-B2E2-463C-8B10-56F6473866EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3346A2-D576-48D5-A79A-773F127DB75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A1FE3-0E4A-4D97-9C3D-923507A732A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 198235"
    }
  ],
  "id": "CVE-2021-20507",
  "lastModified": "2024-11-21T05:46:41.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-19T16:15:08.650",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6473141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6473141"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:00
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/147838VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/147838VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rhapsody_model_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8AC12E-E329-49BA-A0A4-E3228C1C0EA7",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 hasta 6.0.6.1 revela informaci\u00f3n confidencial en mensajes de error que un usuario malicioso puede usar para organizar m\u00e1s ataques. ID de IBM X-Force: 147838."
    }
  ],
  "id": "CVE-2018-1734",
  "lastModified": "2024-11-21T04:00:16.733",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:09.910",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147838"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-06 14:29
Modified
2024-11-21 03:22
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/129719VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715709Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/129719VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715709Permissions Required
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_team_concert *
ibm rational_team_concert 5.0.1
ibm rational_doors_next_generation *
ibm rational_doors_next_generation 5.0.1
ibm rational_quality_manager *
ibm rational_quality_manager 5.0.1
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager 5.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F41839-16F2-4DF0-851E-4549F906BB70",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C7E065-EAF0-4A4D-B6F8-A2705C287EE7",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C61916-4F4D-4DD3-8F09-F55322767C14",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E0686F-C62F-4A6A-861E-19467C8018A0",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BE1EAE-1C18-4FC0-A7FB-A58C011CF1F9",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation podr\u00edan permitir que un usuario autenticado obtenga informaci\u00f3n sensible de una traza de pila que se podr\u00eda utilizar para futuros ataques. IBM X-Force ID: 129719."
    }
  ],
  "id": "CVE-2017-1509",
  "lastModified": "2024-11-21T03:22:00.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-06T14:29:00.850",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129719"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715709"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-08 19:59
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg21997104Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg21997104Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en IBM Jazz Team Server puede revelar alguna informaci\u00f3n de despliegue a un usuario autenticado."
    }
  ],
  "id": "CVE-2016-2866",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-08T19:59:00.247",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997104"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-06 14:29
Modified
2024-11-21 03:21
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/128627VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715709Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/128627VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715709Permissions Required
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_team_concert *
ibm rational_team_concert 5.0.1
ibm rational_doors_next_generation *
ibm rational_doors_next_generation 5.0.1
ibm rational_quality_manager *
ibm rational_quality_manager 5.0.1
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager 5.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F41839-16F2-4DF0-851E-4549F906BB70",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C7E065-EAF0-4A4D-B6F8-A2705C287EE7",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C61916-4F4D-4DD3-8F09-F55322767C14",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E0686F-C62F-4A6A-861E-19467C8018A0",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BE1EAE-1C18-4FC0-A7FB-A58C011CF1F9",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad no conocida en los productos comunes de Jazz que podr\u00eda permitir la divulgaci\u00f3n de informaci\u00f3n. IBM X-Force ID: 128627."
    }
  ],
  "id": "CVE-2017-1488",
  "lastModified": "2024-11-21T03:21:57.507",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-06T14:29:00.803",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128627"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715709"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-15 22:29
Modified
2024-11-21 02:36
Severity ?
4.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21982747Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/108429VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21982747Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/108429VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_requirements_composer *
ibm rational_requirements_composer *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5103D1D-DC6C-40CE-8092-5102E8F10A6E",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "3.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEF02561-E60D-4577-B4AB-D2085B3599F1",
              "versionEndIncluding": "3.0.1.6",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1C422A-3D5F-48B1-BC6E-954D1AFA34F9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "748629D9-94EA-4A8C-84D9-16AD00442C05",
              "versionEndIncluding": "3.0.6",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CDEB94-002E-479A-A055-F3FD38D3AE41",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C054AA-DA70-431C-A410-01671854C0D0",
              "versionEndIncluding": "3.0.1.6",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAE640E-7342-44B0-8C02-97EE71ECAD91",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B3D3092-A570-45DE-9CD4-72E01787D189",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA536CF-BF5F-42F1-8F7A-7850E4AC9319",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19611ED3-74F3-4124-A334-09A66A9274A9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D29F101-F08E-42A1-B7F2-1BD982F81221",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-Site Scripting (XSS) en IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x anteriores a 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6 y 4.0.7 anteriores a iFix10, 5.0.x anteriores a 5.0.2 iFix1 y 6.0.x anteriores a 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4 permiten que los usuarios autenticados remotos con privilegios de administrador del proyecto inyecten scripts web o HTML arbitrarios mediante un proyecto manipulado. IBM X-Force ID: 108429."
    }
  ],
  "id": "CVE-2015-7471",
  "lastModified": "2024-11-21T02:36:51.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-15T22:29:00.433",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108429"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-23 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22014815Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/103477Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/136006VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22014815Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103477Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/136006VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F04AB63-431B-4AB3-B8B0-48664B7340CC",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1C422A-3D5F-48B1-BC6E-954D1AFA34F9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CDEB94-002E-479A-A055-F3FD38D3AE41",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559F0D7-DFB9-4CBB-8F64-EE7FE1B4DFE5",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8934D3C7-2C1C-4BE0-B3F5-320364879DC3",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E769AC93-2F4C-4ADC-8228-B5C82FC445A1",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64000F3-395D-4826-92DD-DB2489470462",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA536CF-BF5F-42F1-8F7A-7850E4AC9319",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F767CA4-A024-44A4-A987-17057E1A6245",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B398352-76E1-4727-B34C-620F26CBD5BF",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19611ED3-74F3-4124-A334-09A66A9274A9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B07DA35D-2527-4DE8-97F1-9FC1C48255EE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2601D1-4D55-4B4A-9CED-CF736270E63F",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D29F101-F08E-42A1-B7F2-1BD982F81221",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1113669B-B338-4ABD-9A34-B57880020C84",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA82CE3A-560B-4D43-98B9-BD9EF9E8DFE6",
              "versionEndIncluding": "6.0.1",
              "versionStartExcluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 136006."
    }
  ],
  "id": "CVE-2017-1762",
  "lastModified": "2024-11-21T03:22:19.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-23T19:29:00.447",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103477"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136006"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124758VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124758VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 124758."
    }
  ],
  "id": "CVE-2017-1280",
  "lastModified": "2024-11-21T03:21:37.817",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.467",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124758"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-27 16:15
Modified
2024-11-21 06:01
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/200967VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/200967VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 7.0
ibm engineering_lifecycle_optimization 7.0.1
ibm engineering_lifecycle_optimization 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_collaborative_lifecycle_management 7.0.1
ibm rational_collaborative_lifecycle_management 7.0.2
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_engineering_lifecycle_manager 7.0.1
ibm rational_engineering_lifecycle_manager 7.0.2
ibm rational_team_concert 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF5602-8FB3-445E-AD29-D340CF0B5C33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7AF0121-310F-4872-82F7-5A914E4F3BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF73C9F4-69B5-4F57-839A-5622FCCDD776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3346A2-D576-48D5-A79A-773F127DB75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A1FE3-0E4A-4D97-9C3D-923507A732A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A347BB4B-5E33-4F4E-9BDB-476DC2F79268",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable"
    }
  ],
  "id": "CVE-2021-29713",
  "lastModified": "2024-11-21T06:01:41.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-27T16:15:07.470",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200967"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134637.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/134637VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/134637VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134637."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 134637."
    }
  ],
  "id": "CVE-2017-1715",
  "lastModified": "2024-11-21T03:22:15.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.653",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134637"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-02 19:15
Modified
2024-11-21 05:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/183314VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6325343Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/183314VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6325343Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm engineering_requirements_management_doors_next 7.0.1
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm eni 7.0
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0363B97-BA15-49D0-A28B-2EE000AD5B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:eni:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3EC655-99F2-4DA2-A5D9-3F858562F63A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314."
    },
    {
      "lang": "es",
      "value": "Las Aplicaciones basadas en IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 183314"
    }
  ],
  "id": "CVE-2020-4546",
  "lastModified": "2024-11-21T05:32:52.733",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-02T19:15:18.390",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183314"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-27 21:29
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22010512Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/116868Issue Tracking, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22010512Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/116868Issue Tracking, VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_team_concert 6.0.4
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.3
ibm rational_doors_next_generation 6.0.4
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.3
ibm rational_engineering_lifecycle_manager 6.0.4
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.3
ibm rational_rhapsody_design_manager 6.0.4
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C98336-97F8-4263-A801-D6F5673CB17A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "141B7F93-4A02-4A60-94F1-A6D9A80A4889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27404EC5-26B2-490E-8211-09783FEF084C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A158959-BD73-40D2-BB26-537D8ACBF7A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D97FEF-5C37-47EC-9B25-F05B9C5B03BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1443C0B-D85D-4A8C-AB00-E092097D93EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BEB8AD-ACD5-4F5B-8C95-8C1EA8BFE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57DF8BD-34A6-481A-902A-8E1D190201FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868."
    },
    {
      "lang": "es",
      "value": "Los productos basados en la tecnolog\u00eda IBM Jazz podr\u00edan divulgar informaci\u00f3n que podr\u00eda ser \u00fatil para ayudar a los atacantes a trav\u00e9s de mensajes de error. IBM X-Force ID: 116868."
    }
  ],
  "id": "CVE-2016-6024",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-27T21:29:00.220",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116868"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-23 19:29
Modified
2024-11-21 03:22
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22014815Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/103477Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/132625VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22014815Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103477Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/132625VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "257BF4B4-97A1-4893-B1EA-4CE1D1C68E0C",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92A37B81-7F7D-4942-8FAB-CDAAAA00C524",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C61916-4F4D-4DD3-8F09-F55322767C14",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F0FEE7-6D74-494E-9081-D4942FE17CEB",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C7E065-EAF0-4A4D-B6F8-A2705C287EE7",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E769AC93-2F4C-4ADC-8228-B5C82FC445A1",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA536CF-BF5F-42F1-8F7A-7850E4AC9319",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BE1EAE-1C18-4FC0-A7FB-A58C011CF1F9",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19611ED3-74F3-4124-A334-09A66A9274A9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E0686F-C62F-4A6A-861E-19467C8018A0",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9DA362-C185-4467-B0BC-20703EAE5D69",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625."
    },
    {
      "lang": "es",
      "value": "IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) podr\u00eda permitir a un usuario autenticado acceder a ajustes para los que no deber\u00eda estar autorizado mediante una URL especialmente manipulada. IBM X-Force ID: 132625."
    }
  ],
  "id": "CVE-2017-1602",
  "lastModified": "2024-11-21T03:22:07.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-23T19:29:00.277",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103477"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132625"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-08 19:59
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg21997104Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg21997104Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM Rational Team Concert 4.0, 5.0 y 6.0 es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz Web alterando as\u00ed la funcionalidad intencionada conduciendo potencialmente a la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-6032",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-08T19:59:00.277",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997104"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-11-24 19:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21991478Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/94542
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21991478Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94542
Impacted products
Vendor Product Version
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0.0
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_engineering_lifecycle_manager 4.0.0
ibm rational_engineering_lifecycle_manager 4.0.1
ibm rational_engineering_lifecycle_manager 4.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_software_architect_design_manager 4.0.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC4C9D2-6799-44B5-AEF4-47DD3CC012FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF24F7E-C48D-42CE-98AD-71F042014B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4377F30-6FDD-4232-92A4-62832E08A934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B494B8-27DC-4FA4-BB86-1FEF51A2FA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EEA77B-8151-407C-A840-6E2334FF962B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2214FC95-71C7-4EB5-B924-9626D663E8FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Rational Collaborative Lifecycle Management 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Team Concert 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2016-2864",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-24T19:59:11.267",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/94542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94542"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-27 21:29
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22010682Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124631Issue Tracking, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22010682Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124631Issue Tracking, VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_team_concert 6.0.4
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.3
ibm rational_doors_next_generation 6.0.4
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.3
ibm rational_engineering_lifecycle_manager 6.0.4
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.3
ibm rational_rhapsody_design_manager 6.0.4
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C98336-97F8-4263-A801-D6F5673CB17A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "141B7F93-4A02-4A60-94F1-A6D9A80A4889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27404EC5-26B2-490E-8211-09783FEF084C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A158959-BD73-40D2-BB26-537D8ACBF7A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D97FEF-5C37-47EC-9B25-F05B9C5B03BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1443C0B-D85D-4A8C-AB00-E092097D93EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BEB8AD-ACD5-4F5B-8C95-8C1EA8BFE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57DF8BD-34A6-481A-902A-8E1D190201FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no revelada en aplicaciones CLM podr\u00eda resultar en que algunos par\u00e1metros de implementaci\u00f3n administrativa se muestren al atacante. IBM X-Force ID: 124631."
    }
  ],
  "id": "CVE-2017-1251",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-27T21:29:00.317",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010682"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124631"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/95111Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=swg21996097Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/95111Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=swg21996097Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view."
    },
    {
      "lang": "es",
      "value": "Los productos basados en tecnolog\u00eda IBM Jazz podr\u00edan permitir a un atacante ver los t\u00edtulos de art\u00edculos de trabajo que ellos no tienen privilegios para ver."
    }
  ],
  "id": "CVE-2016-6028",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:01.707",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95111"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-28 13:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/192957VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6475919Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/192957VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6475919Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0.1
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation son vulnerables al cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario de la web, alterando as\u00ed la funcionalidad prevista y llevando potencialmente a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. ID de IBM X-Force: 192957"
    }
  ],
  "id": "CVE-2020-5004",
  "lastModified": "2024-11-21T05:33:32.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-28T13:15:08.150",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6475919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6475919"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-23 19:29
Modified
2024-11-21 03:22
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22014815Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/103477Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/129970VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22014815Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103477Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/129970VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "257BF4B4-97A1-4893-B1EA-4CE1D1C68E0C",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92A37B81-7F7D-4942-8FAB-CDAAAA00C524",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F0FEE7-6D74-494E-9081-D4942FE17CEB",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C7E065-EAF0-4A4D-B6F8-A2705C287EE7",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E769AC93-2F4C-4ADC-8228-B5C82FC445A1",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA536CF-BF5F-42F1-8F7A-7850E4AC9319",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BE1EAE-1C18-4FC0-A7FB-A58C011CF1F9",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19611ED3-74F3-4124-A334-09A66A9274A9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E0686F-C62F-4A6A-861E-19467C8018A0",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9DA362-C185-4467-B0BC-20703EAE5D69",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n sensible de una petici\u00f3n HTTP especialmente manipulada que podr\u00eda emplear como ayuda para futuros ataques. IBM X-Force ID: 129970."
    }
  ],
  "id": "CVE-2017-1524",
  "lastModified": "2024-11-21T03:22:01.087",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-23T19:29:00.230",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103477"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129970"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-24 14:29
Modified
2024-11-21 03:22
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22015635Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/134820VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22015635Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/134820VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F8C5C0-7688-42E8-862B-3CB138274858",
              "versionEndIncluding": "6.0.5",
              "versionStartExcluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64000F3-395D-4826-92DD-DB2489470462",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE15C4BA-1322-4EF3-83D3-F78B9D37E81C",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F767CA4-A024-44A4-A987-17057E1A6245",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B398352-76E1-4727-B34C-620F26CBD5BF",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B07DA35D-2527-4DE8-97F1-9FC1C48255EE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2601D1-4D55-4B4A-9CED-CF736270E63F",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1113669B-B338-4ABD-9A34-B57880020C84",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559F0D7-DFB9-4CBB-8F64-EE7FE1B4DFE5",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8934D3C7-2C1C-4BE0-B3F5-320364879DC3",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Team Server afecta a los siguientes productos IBM Rational: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) y Rational Software Architect (RSA DM) contienen una vulnerabilidad no revelada que tiene el potencial de provocar una divulgaci\u00f3n de informaci\u00f3n. IBM X-Force ID: 134820."
    }
  ],
  "id": "CVE-2017-1725",
  "lastModified": "2024-11-21T03:22:16.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-24T14:29:00.310",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134820"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-03-02 04:57
Modified
2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21664566Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90895
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21664566Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/90895
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 3.0.0
ibm rational_collaborative_lifecycle_management 3.0.1
ibm rational_collaborative_lifecycle_management 3.0.1.1
ibm rational_collaborative_lifecycle_management 3.0.1.2
ibm rational_collaborative_lifecycle_management 3.0.1.3
ibm rational_collaborative_lifecycle_management 3.0.1.4
ibm rational_collaborative_lifecycle_management 3.0.1.5
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9641F4-846F-4FB0-BE40-F30972C87D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E21B53E-28C2-4930-88F3-3AADD1BF31B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2CAB1D-B5AB-42D2-8F35-52C6F64EC0FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71816D92-AC01-4F7D-A878-7280175BB422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D17CA5-2B63-4914-9DBF-5861F69B5238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D3B001F-0031-4BED-9A49-B9589EC9E5CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8CED8F4-22A6-4945-A21F-0D399BE661F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Jazz Team Server en IBM Rational Collaborative Lifecycle Management (CLM) 3.x anterior a 3.0.1.6 iFix 2 y 4.x anterior a 4.0.6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2014-0862",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-02T04:57:25.777",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664566"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664566"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90895"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124750VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124750VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 124750."
    }
  ],
  "id": "CVE-2017-1275",
  "lastModified": "2024-11-21T03:21:37.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.370",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124750"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-14 22:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150427.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10875318Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/107433Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/150427VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10875318Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107433Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/150427VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "430B8F05-0B96-409A-AAFD-4F73C3B12AEB",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35C8771-5A65-4497-842A-7FE25EEBB82C",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150427."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager, desde la versi\u00f3n 5.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 150427."
    }
  ],
  "id": "CVE-2018-1824",
  "lastModified": "2024-11-21T04:00:27.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-14T22:29:00.617",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107433"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150427"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:43
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/157384VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/157384VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1) podr\u00edan permitirle a un usuario identificado obtener informaci\u00f3n confidencial de las aplicaciones CLM que podr\u00edan usarse en futuros ataques contra el sistema. ID de IBM X-Force: 157384."
    }
  ],
  "id": "CVE-2019-4084",
  "lastModified": "2024-11-21T04:43:08.577",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:10.580",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157384"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-27 16:15
Modified
2024-11-21 06:01
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/199482VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/199482VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6508583Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 7.0.1
ibm engineering_lifecycle_optimization 7.0.2
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 7.0
ibm rational_team_concert 7.0.1
ibm rational_team_concert 7.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A347BB4B-5E33-4F4E-9BDB-476DC2F79268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6259548-A565-4693-8F8E-DB7EEAFE107B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "242C5CDC-9B7F-41E6-B8FC-9D6CBC11D725",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 199482"
    }
  ],
  "id": "CVE-2021-29673",
  "lastModified": "2024-11-21T06:01:37.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-27T16:15:07.420",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6508583"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-10-22 03:59
Modified
2025-04-12 10:46
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21989735Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/93824
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21989735Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/93824
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted \"HTML request.\""
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager (RQM) y Rational Collaborative Lifecycle Management 3.0.1.6 en versiones anteriores a iFix8, 4.x en versiones anteriores a 4.0.7 iFix11, 5.x en versiones anteriores a 5.0.2 iFix17 y 6.x en versiones anteriores a 6.0.1 ifix3 permiten a usuarios remotos autenticados ejecutar comandos del SO arbitrarios a trav\u00e9s de una \"petici\u00f3n HTML\" manipulada."
    }
  ],
  "id": "CVE-2016-0326",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-22T03:59:08.720",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989735"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/93824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93824"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125725Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125725Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 125725."
    }
  ],
  "id": "CVE-2017-1314",
  "lastModified": "2024-11-21T03:21:41.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.887",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125725"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-05 17:29
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22004611Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/99352Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.securitytracker.com/id/1038912
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/119762Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22004611Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99352Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038912
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/119762Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762."
    },
    {
      "lang": "es",
      "value": "IBM Team Concert (RTC) versiones 4.0, 5.0 y 6.0, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, y por lo tanto, alterar la funcionalidad deseada conllevando potencialmente a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 119762."
    }
  ],
  "id": "CVE-2016-9733",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-05T17:29:00.217",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99352"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1038912"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119762"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-16 19:29
Modified
2024-11-21 02:41
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21983720Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/109693VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21983720Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/109693VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager 3.0
ibm rational_quality_manager 3.0.1
ibm rational_quality_manager 3.0.1.1
ibm rational_quality_manager 3.0.1.2
ibm rational_quality_manager 3.0.1.3
ibm rational_quality_manager 3.0.1.4
ibm rational_quality_manager 3.0.1.5
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_requirements_composer 3.0
ibm rational_requirements_composer 3.0.1
ibm rational_requirements_composer 3.0.1.1
ibm rational_requirements_composer 3.0.1.2
ibm rational_requirements_composer 3.0.1.3
ibm rational_requirements_composer 3.0.1.4
ibm rational_requirements_composer 3.0.1.5
ibm rational_requirements_composer 3.0.1.6
ibm rational_requirements_composer 4.0
ibm rational_requirements_composer 4.0.1
ibm rational_requirements_composer 4.0.2
ibm rational_requirements_composer 4.0.3
ibm rational_requirements_composer 4.0.4
ibm rational_requirements_composer 4.0.5
ibm rational_requirements_composer 4.0.6
ibm rational_requirements_composer 4.0.7
ibm rational_doors_next_generation 4.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0
ibm rational_doors_next_generation 6.0.1
ibm rational_team_concert 3.0
ibm rational_team_concert 3.0.1
ibm rational_team_concert 3.0.1.1
ibm rational_team_concert 3.0.1.2
ibm rational_team_concert 3.0.1.3
ibm rational_team_concert 3.0.1.4
ibm rational_team_concert 3.0.1.5
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_collaborative_lifecycle_management 3.0.1
ibm rational_collaborative_lifecycle_management 3.0.1.1
ibm rational_collaborative_lifecycle_management 3.0.1.2
ibm rational_collaborative_lifecycle_management 3.0.1.3
ibm rational_collaborative_lifecycle_management 3.0.1.4
ibm rational_collaborative_lifecycle_management 3.0.1.5
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79E7EF2-5615-4300-BC0D-865DBDC8B46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59EB6D6-2A74-4988-912C-97045647F1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EAB61F7-B5B4-47E8-8BFD-02F025358781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93D8CAB-0DF0-4A1D-B1A3-78FF892D04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7204792C-1506-4E95-92CD-098F760FC429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FC134C-08AB-4874-B31D-B08CDF4C2DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1649F910-F8B9-4AAD-9743-C37B8784A771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3894CB-8DF7-4011-B47F-36485A2A6E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E997305-EC48-42C4-9408-EE622818BA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "141B7F93-4A02-4A60-94F1-A6D9A80A4889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07F4E00-F0BA-4821-B5B4-3C0E9D01AAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80E49B8-8BC4-4150-B86A-A5E474F4E598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6915A8F-05A1-4D39-BF53-0C3F4B155A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E92346D-B1A8-43F8-B2C1-E69A3301560B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F081AEF5-3F0F-4D58-8BBE-EDB9C569CAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "44840CC3-5720-4AF8-B508-67AB5E3E1CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F65519B-90F8-4A17-BA94-FDFDE5BF8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E21B53E-28C2-4930-88F3-3AADD1BF31B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2CAB1D-B5AB-42D2-8F35-52C6F64EC0FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71816D92-AC01-4F7D-A878-7280175BB422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D17CA5-2B63-4914-9DBF-5861F69B5238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D3B001F-0031-4BED-9A49-B9589EC9E5CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8CED8F4-22A6-4945-A21F-0D399BE661F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XEE (XML External Entity) en IBM Rational Team Concert 3.0 en versiones anteriores a la 3.0.1.6 iFix7 Interim Fix 1, 4.0 en versiones anteriores a la 4.0.7 iFix10, 5.0 en versiones anteriores a la 5.0.2 iFix15 y 6.0 en versiones anteriores a la 6.0.1 iFix4 permite que usuarios autenticados remotos provoquen una denegaci\u00f3n de servicio (DoS) mediante datos XML manipulados. IBM X-Force ID: 109693."
    }
  ],
  "id": "CVE-2016-0219",
  "lastModified": "2024-11-21T02:41:17.927",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-16T19:29:00.963",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983720"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/109693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/109693"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-14 22:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150428.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10875318Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/107433Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/150428VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10875318Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107433Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/150428VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "430B8F05-0B96-409A-AAFD-4F73C3B12AEB",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35C8771-5A65-4497-842A-7FE25EEBB82C",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150428."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager, desde la versi\u00f3n 5.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 150428."
    }
  ],
  "id": "CVE-2018-1825",
  "lastModified": "2024-11-21T04:00:27.797",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-14T22:29:00.680",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107433"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150428"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/150430VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/150430VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rhapsody_model_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8AC12E-E329-49BA-A0A4-E3228C1C0EA7",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 es vulnerable a los scripts entre sitios. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podr\u00eda llevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n segura. ID de IBM X-Force: 150430."
    }
  ],
  "id": "CVE-2018-1827",
  "lastModified": "2024-11-21T04:00:28.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:10.143",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150430"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/132928Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/132928Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 132928."
    }
  ],
  "id": "CVE-2017-1608",
  "lastModified": "2024-11-21T03:22:08.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.357",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132928"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-06 14:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10716201Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124524VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10716201Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124524VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_collaborative_lifecycle_management *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C31818-990D-4CA2-8AB1-3039E447F2E8",
              "versionEndIncluding": "6.0.3",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 124524."
    },
    {
      "lang": "es",
      "value": "IBM Quality Manager (RQM) en versiones 5.0.x y desde la 6.0 hasta la 6.0.5 es vulnerable a inyecci\u00f3n HTML. Un atacante remoto podr\u00eda ejecutar c\u00f3digo HTML malicioso que, cuando se visualiza, se ejecutar\u00eda en el navegador web de la v\u00edctima en el contexto de seguridad del sitio anfitri\u00f3n. IBM X-Force ID: 124524."
    }
  ],
  "id": "CVE-2017-1242",
  "lastModified": "2024-11-21T03:21:34.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-06T14:29:00.663",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124524"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-20 21:29
Modified
2024-11-21 02:36
Severity ?
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21985143Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/108221VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21985143Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/108221VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_team_concert *
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_requirements_composer *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E92B99E0-113A-4CA9-822E-1F39D6744E13",
              "versionEndIncluding": "6.0.2",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92A37B81-7F7D-4942-8FAB-CDAAAA00C524",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F0FEE7-6D74-494E-9081-D4942FE17CEB",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7063EE3-2DAD-40B5-B2EE-3DD5772460FF",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA43F972-8B12-4AE8-92EA-10B5CCE8145E",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA536CF-BF5F-42F1-8F7A-7850E4AC9319",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EEA77B-8151-407C-A840-6E2334FF962B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19611ED3-74F3-4124-A334-09A66A9274A9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2214FC95-71C7-4EB5-B924-9626D663E8FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9DA362-C185-4467-B0BC-20703EAE5D69",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Team Concert (RTC) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Requirements Composer (RRC) 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7 before iFix1, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2 allow local users to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 108221."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management (CLM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Quality Manager (RQM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Team Concert (RTC) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Requirements Composer (RRC) en versiones 4.0.x anteriores a la 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y versiones 6.0.2 anteriores a la iFix2; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6 y versiones 4.0.7 anteriores a iFix1, versiones 5.0.x anteriores a la 5.0.2 iFix1 y versiones 6.0.x anteriores a la 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Software Architect Design Manager (RSA DM) en versiones 4.0.x anteriores a la 4.0.7 iFix10, versiones 5.0.x anteriores a la 5.0.2 iFix15, versiones 6.0.x anteriores a la 6.0.1 iFix5 y en versiones 6.0.2 anteriores a iFix2 podr\u00edan permitir que los usuarios locales obtengan informaci\u00f3n sensible aprovechando el cifrado d\u00e9bil. IBM X-Force ID: 108221."
    }
  ],
  "id": "CVE-2015-7449",
  "lastModified": "2024-11-21T02:36:48.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-20T21:29:00.827",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985143"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108221"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-06 14:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10716201Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124356VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10716201Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124356VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_collaborative_lifecycle_management *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C31818-990D-4CA2-8AB1-3039E447F2E8",
              "versionEndIncluding": "6.0.3",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356."
    },
    {
      "lang": "es",
      "value": "IBM Quality Manager (RQM) en versiones 5.0.x y desde la 6.0 hasta la 6.0.5 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 124356."
    }
  ],
  "id": "CVE-2017-1238",
  "lastModified": "2024-11-21T03:21:33.847",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-06T14:29:00.567",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124356"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125161VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125161VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 125161."
    }
  ],
  "id": "CVE-2017-1299",
  "lastModified": "2024-11-21T03:21:40.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.653",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125161"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125460VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125460VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 125460."
    }
  ],
  "id": "CVE-2017-1306",
  "lastModified": "2024-11-21T03:21:41.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.717",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125460"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125728.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125728Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125728Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125728."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 125728."
    }
  ],
  "id": "CVE-2017-1316",
  "lastModified": "2024-11-21T03:21:42.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.980",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125728"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-24 14:29
Modified
2024-11-21 03:22
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22015635Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/134915VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22015635Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/134915VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F8C5C0-7688-42E8-862B-3CB138274858",
              "versionEndIncluding": "6.0.5",
              "versionStartExcluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64000F3-395D-4826-92DD-DB2489470462",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE15C4BA-1322-4EF3-83D3-F78B9D37E81C",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F767CA4-A024-44A4-A987-17057E1A6245",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B398352-76E1-4727-B34C-620F26CBD5BF",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B07DA35D-2527-4DE8-97F1-9FC1C48255EE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2601D1-4D55-4B4A-9CED-CF736270E63F",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1113669B-B338-4ABD-9A34-B57880020C84",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559F0D7-DFB9-4CBB-8F64-EE7FE1B4DFE5",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8934D3C7-2C1C-4BE0-B3F5-320364879DC3",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Team Server afecta a los siguientes productos IBM Rational: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) y Rational Software Architect (RSA DM) almacenan informaci\u00f3n potencialmente sensible en una cach\u00e9 que podr\u00eda ser le\u00edda por usuarios autenticados. IBM X-Force ID: 134915."
    }
  ],
  "id": "CVE-2017-1734",
  "lastModified": "2024-11-21T03:22:17.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-24T14:29:00.373",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22015635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134915"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-11-06 16:29
Modified
2024-11-21 04:00
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10738301Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/145609Patch, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10738301Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/145609Patch, VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "667D04CD-BC8D-4CEB-B502-8D1379B7B436",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5C09499-13C3-4F91-A68D-C8FEB77B18DE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DDB2D08-0405-4BFD-9DBE-0AD8589B18FF",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BABC587-0E98-4CE1-AD8C-4045D3CA2941",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E00B0B-14E3-4799-9FD6-63418A8086F2",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB5653C-C3DD-471B-B644-6E3128CA7401",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C503A9-6837-4EBD-87E5-2CA76AF85B79",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A1EBFE0-1EA4-46A9-866B-3ED2E1187612",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1F2828-9730-4474-82B4-E08AD40CBAAD",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48EFB76-A843-46B9-8840-83DC35330DD3",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98DCDC04-6FD5-49CB-BC20-757A69C4AC0C",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "909CD52D-BC7A-467F-A88B-15150C6A41ED",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8789F641-3AFA-4262-B554-DEB4270D1DB5",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609."
    },
    {
      "lang": "es",
      "value": "Las aplicaciones basadas en IBM Jazz (IBM Rational Collaborative Lifecycle Management en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6, IBM Rational DOORS Next Generation en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6, IBM Rational Engineering Lifecycle Manager en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6, IBM Rational Quality Manager en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6, IBM Rational Rhapsody Design Manager en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6, IBM Rational Software Architect Design Manager en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.1, y IBM Rational Team Concert en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6) podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n sensible, provocado por el error a la hora de habilitar HTTP Strict Transport Security. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n sensible empleando t\u00e9cnicas Man-in-the-Middle (MitM). IBM X-Force ID: 145609."
    }
  ],
  "id": "CVE-2018-1694",
  "lastModified": "2024-11-21T04:00:12.873",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-06T16:29:00.737",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145609"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-11-24 19:59
Modified
2025-04-12 10:46
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21991478Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/94541
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21991478Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94541
Impacted products
Vendor Product Version
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0.0
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_software_architect_design_manager 4.0.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_engineering_lifecycle_manager 4.0.0
ibm rational_engineering_lifecycle_manager 4.0.1
ibm rational_engineering_lifecycle_manager 4.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC4C9D2-6799-44B5-AEF4-47DD3CC012FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF24F7E-C48D-42CE-98AD-71F042014B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4377F30-6FDD-4232-92A4-62832E08A934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B494B8-27DC-4FA4-BB86-1FEF51A2FA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EEA77B-8151-407C-A840-6E2334FF962B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2214FC95-71C7-4EB5-B924-9626D663E8FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Team Concert 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5 no establece el indicador seguro para la cookie de sesi\u00f3n en una sesi\u00f3n https, lo que facilita a atacantes remotos capturar esta cookie interceptando su transmisi\u00f3n dentro de una sesi\u00f3n http."
    }
  ],
  "id": "CVE-2016-0372",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-24T19:59:09.143",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/94541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94541"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-11-24 19:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Summary
The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21991478Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/94555
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21991478Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94555
Impacted products
Vendor Product Version
ibm rational_software_architect_design_manager 4.0.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0.0
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_engineering_lifecycle_manager 4.0.0
ibm rational_engineering_lifecycle_manager 4.0.1
ibm rational_engineering_lifecycle_manager 4.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC4C9D2-6799-44B5-AEF4-47DD3CC012FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF24F7E-C48D-42CE-98AD-71F042014B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4377F30-6FDD-4232-92A4-62832E08A934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B494B8-27DC-4FA4-BB86-1FEF51A2FA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EEA77B-8151-407C-A840-6E2334FF962B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2214FC95-71C7-4EB5-B924-9626D663E8FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "El int\u00e9rprete XML en IBM Rational Collaborative Lifecycle Management 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Team Concert 3.0.1.6 en versiones anteriores a iFix8, 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5 permite a usuarios remotos autenticados leer archivos arbitrarios o provocar una denegaci\u00f3n de servicio a trav\u00e9s de un documento XML que contenga una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad, relacionado con un problema XML External Entity (XXE)."
    }
  ],
  "id": "CVE-2016-0284",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-24T19:59:04.753",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/94555"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94555"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-27 21:29
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22010512Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/101976Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124359Issue Tracking, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22010512Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101976Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124359Issue Tracking, VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_team_concert 6.0.4
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.3
ibm rational_doors_next_generation 6.0.4
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.3
ibm rational_engineering_lifecycle_manager 6.0.4
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.3
ibm rational_rhapsody_design_manager 6.0.4
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C98336-97F8-4263-A801-D6F5673CB17A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "141B7F93-4A02-4A60-94F1-A6D9A80A4889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27404EC5-26B2-490E-8211-09783FEF084C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A158959-BD73-40D2-BB26-537D8ACBF7A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D97FEF-5C37-47EC-9B25-F05B9C5B03BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1443C0B-D85D-4A8C-AB00-E092097D93EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BEB8AD-ACD5-4F5B-8C95-8C1EA8BFE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57DF8BD-34A6-481A-902A-8E1D190201FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Rhapsody DM podr\u00edan revelar informaci\u00f3n sensible en respuestas HTTP 500 - Error interno del servidor. IBM X-Force ID: 124359."
    }
  ],
  "id": "CVE-2017-1240",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-27T21:29:00.283",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101976"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124359"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-25 12:29
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22009296Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/101616Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125157VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22009296Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101616Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125157VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM RSA DM contains unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157."
    },
    {
      "lang": "es",
      "value": "RSA DM de IBM incluye una vulnerabilidad no especificada en aplicaciones CLM que podr\u00c3\u00ada dar lugar al filtrado de informaci\u00c3\u00b3n. IBM X-Force ID: 125157."
    }
  ],
  "id": "CVE-2017-1295",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-25T12:29:00.330",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101616"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125157"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-06 14:29
Modified
2024-11-21 03:22
Severity ?
3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/131758VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715709Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/131758VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715709Permissions Required
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_team_concert *
ibm rational_team_concert 5.0.1
ibm rational_doors_next_generation *
ibm rational_doors_next_generation 5.0.1
ibm rational_quality_manager *
ibm rational_quality_manager 5.0.1
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager 5.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F41839-16F2-4DF0-851E-4549F906BB70",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C7E065-EAF0-4A4D-B6F8-A2705C287EE7",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C61916-4F4D-4DD3-8F09-F55322767C14",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E0686F-C62F-4A6A-861E-19467C8018A0",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BE1EAE-1C18-4FC0-A7FB-A58C011CF1F9",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples productos de IBM Rational podr\u00edan permitir que un atacante que intercepte peticiones vulnerables divulgue informaci\u00f3n sensible. IBM X-Force ID: 131758."
    }
  ],
  "id": "CVE-2017-1559",
  "lastModified": "2024-11-21T03:22:04.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-06T14:29:00.897",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131758"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715709"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-04-27 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21882770Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21882770Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_software_architect_design_manager 4.0.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_requirements_composer 4.0.0
ibm rational_requirements_composer 4.0.0.1
ibm rational_requirements_composer 4.0.0.2
ibm rational_requirements_composer 4.0.1
ibm rational_requirements_composer 4.0.2
ibm rational_requirements_composer 4.0.3
ibm rational_requirements_composer 4.0.4
ibm rational_requirements_composer 4.0.5
ibm rational_requirements_composer 4.0.6
ibm rational_requirements_composer 4.0.7
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6342F6-709A-4043-A879-57E9C7232C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDFA1C-9C07-4744-95F9-93A2332E2F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D8C43B-C109-44E1-868F-7DC1289D9BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request."
    },
    {
      "lang": "es",
      "value": "El sistema de ayuda de Jazz en IBM Rational Collaborative Lifecycle Management 4.0 hasta 5.0.2, Rational Quality Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Team Concert 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Requirements Composer 4.0 hasta 4.0.7, Rational DOORS Next Generation 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 hasta 4.0.7 y 5.0 hasta 5.0.2, Rational Rhapsody Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2, y Rational Software Architect Design Manager 4.0 hasta 4.0.7 y 5.0 hasta 5.0.2 permite a atacantes remotos leer c\u00f3digo JSP de fuente a trav\u00e9s de una solicitud manipulada."
    }
  ],
  "id": "CVE-2015-0113",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-27T11:59:03.280",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882770"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-11-25 03:59
Modified
2025-04-12 10:46
Severity ?
2.7 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21991477Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/94518
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21991477Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94518
Impacted products
Vendor Product Version
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_software_architect_design_manager 4.0.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_engineering_lifecycle_manager 4.0.0
ibm rational_engineering_lifecycle_manager 4.0.1
ibm rational_engineering_lifecycle_manager 4.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0.0
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2214FC95-71C7-4EB5-B924-9626D663E8FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF24F7E-C48D-42CE-98AD-71F042014B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4377F30-6FDD-4232-92A4-62832E08A934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B494B8-27DC-4FA4-BB86-1FEF51A2FA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EEA77B-8151-407C-A840-6E2334FF962B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC4C9D2-6799-44B5-AEF4-47DD3CC012FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5 permiten a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-2947",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-25T03:59:00.187",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991477"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/94518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94518"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125724.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125724Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125724Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125724."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 125724."
    }
  ],
  "id": "CVE-2017-1313",
  "lastModified": "2024-11-21T03:21:41.793",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.823",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125724"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/95117Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=swg21996097Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/95117Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=swg21996097Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-6061",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:02.113",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95117"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-12-27 16:29
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22011815Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/126858VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22011815Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/126858VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D974C0B2-5C29-4298-8AD7-28794B5ED473",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92A37B81-7F7D-4942-8FAB-CDAAAA00C524",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB5653C-C3DD-471B-B644-6E3128CA7401",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB171CCC-251B-42DD-BFE5-FA0193B2111F",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F0FEE7-6D74-494E-9081-D4942FE17CEB",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "909CD52D-BC7A-467F-A88B-15150C6A41ED",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA2EE62-E164-4725-8FCE-8438C835735F",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E769AC93-2F4C-4ADC-8228-B5C82FC445A1",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5C09499-13C3-4F91-A68D-C8FEB77B18DE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EE3277-D8B8-44B6-8FBF-131B655F72AD",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA536CF-BF5F-42F1-8F7A-7850E4AC9319",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BABC587-0E98-4CE1-AD8C-4045D3CA2941",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A9B6E48-DF7B-4E10-A1AF-B3008ECE08E2",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06626B42-DA20-4266-B4B8-F98E5525C2FC",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A1EBFE0-1EA4-46A9-866B-3ED2E1187612",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4B3B3C-85EA-418E-9F2B-7E40AC8CB6A1",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9DA362-C185-4467-B0BC-20703EAE5D69",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858."
    },
    {
      "lang": "es",
      "value": "IBM Team Concert (RTC incluido IBM Rational Collaborative Lifecycle Management 4.0, 5.0 y 6.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades planeadas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 126858."
    }
  ],
  "id": "CVE-2017-1365",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-27T16:29:14.230",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22011815"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22011815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126858"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-23 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22014815Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/103477Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/133379VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22014815Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103477Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/133379VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F04AB63-431B-4AB3-B8B0-48664B7340CC",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1C422A-3D5F-48B1-BC6E-954D1AFA34F9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CDEB94-002E-479A-A055-F3FD38D3AE41",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559F0D7-DFB9-4CBB-8F64-EE7FE1B4DFE5",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8934D3C7-2C1C-4BE0-B3F5-320364879DC3",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E769AC93-2F4C-4ADC-8228-B5C82FC445A1",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64000F3-395D-4826-92DD-DB2489470462",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA536CF-BF5F-42F1-8F7A-7850E4AC9319",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F767CA4-A024-44A4-A987-17057E1A6245",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B398352-76E1-4727-B34C-620F26CBD5BF",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19611ED3-74F3-4124-A334-09A66A9274A9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B07DA35D-2527-4DE8-97F1-9FC1C48255EE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2601D1-4D55-4B4A-9CED-CF736270E63F",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D29F101-F08E-42A1-B7F2-1BD982F81221",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1113669B-B338-4ABD-9A34-B57880020C84",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA82CE3A-560B-4D43-98B9-BD9EF9E8DFE6",
              "versionEndIncluding": "6.0.1",
              "versionStartExcluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 133379."
    }
  ],
  "id": "CVE-2017-1655",
  "lastModified": "2024-11-21T03:22:10.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-23T19:29:00.387",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103477"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133379"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-14 22:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10875340Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/107435Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/145509VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10875340Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107435Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/145509VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "430B8F05-0B96-409A-AAFD-4F73C3B12AEB",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E6F6730-8D5D-4841-9D77-1E3810C2A324",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9940943B-377B-4176-A04B-D0AB72CA1472",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35C8771-5A65-4497-842A-7FE25EEBB82C",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B5A77F6-FE21-4EA8-AAC5-F6B025E2C1FE",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12477351-8D76-4DC0-BE6A-C9948E033723",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "732DE32F-6DDE-4612-B004-D6FC13067FE2",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 6.0.6) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 145509."
    }
  ],
  "id": "CVE-2018-1688",
  "lastModified": "2024-11-21T04:00:12.407",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-14T22:29:00.307",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107435"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145509"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-11-29 16:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/106053Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/148616VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=ibm10742281Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106053Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/148616VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=ibm10742281Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "667D04CD-BC8D-4CEB-B502-8D1379B7B436",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5C09499-13C3-4F91-A68D-C8FEB77B18DE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DDB2D08-0405-4BFD-9DBE-0AD8589B18FF",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BABC587-0E98-4CE1-AD8C-4045D3CA2941",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E00B0B-14E3-4799-9FD6-63418A8086F2",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB5653C-C3DD-471B-B644-6E3128CA7401",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C503A9-6837-4EBD-87E5-2CA76AF85B79",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A1EBFE0-1EA4-46A9-866B-3ED2E1187612",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1F2828-9730-4474-82B4-E08AD40CBAAD",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48EFB76-A843-46B9-8840-83DC35330DD3",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98DCDC04-6FD5-49CB-BC20-757A69C4AC0C",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "909CD52D-BC7A-467F-A88B-15150C6A41ED",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8789F641-3AFA-4262-B554-DEB4270D1DB5",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 148616."
    }
  ],
  "id": "CVE-2018-1762",
  "lastModified": "2024-11-21T04:00:19.380",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-29T16:29:00.323",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106053"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148616"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742281"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-19 16:15
Modified
2024-11-21 05:33
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/193738VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6473141Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/193738VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6473141Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization 7.0
ibm engineering_lifecycle_optimization 7.0.1
ibm engineering_lifecycle_optimization 7.0.2
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_engineering_lifecycle_manager 7.0.1
ibm rational_engineering_lifecycle_manager 7.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF5602-8FB3-445E-AD29-D340CF0B5C33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04D01A5-D5B6-481F-89A6-E2D59AB50C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3346A2-D576-48D5-A79A-773F127DB75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A1FE3-0E4A-4D97-9C3D-923507A732A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 193738"
    }
  ],
  "id": "CVE-2020-5031",
  "lastModified": "2024-11-21T05:33:34.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-19T16:15:08.607",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6473141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6473141"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-14 22:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10875340Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/107435Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/152740VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10875340Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107435Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/152740VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "430B8F05-0B96-409A-AAFD-4F73C3B12AEB",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E6F6730-8D5D-4841-9D77-1E3810C2A324",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9940943B-377B-4176-A04B-D0AB72CA1472",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35C8771-5A65-4497-842A-7FE25EEBB82C",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B5A77F6-FE21-4EA8-AAC5-F6B025E2C1FE",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12477351-8D76-4DC0-BE6A-C9948E033723",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "732DE32F-6DDE-4612-B004-D6FC13067FE2",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager, desde la versi\u00f3n 5.0 hasta la 6.0.6) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 152740."
    }
  ],
  "id": "CVE-2018-1916",
  "lastModified": "2024-11-21T04:00:35.637",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-14T22:29:00.930",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107435"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152740"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-06 14:29
Modified
2024-11-21 03:21
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10716201Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124357VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10716201Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124357VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_collaborative_lifecycle_management *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C31818-990D-4CA2-8AB1-3039E447F2E8",
              "versionEndIncluding": "6.0.3",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357."
    },
    {
      "lang": "es",
      "value": "IBM Quality Manager (RQM) en versiones 5.0.x y desde la 6.0 hasta la 6.0.5 podr\u00eda revelar informaci\u00f3n sensible en respuestas de error \"HTTP 500: Error interno del servidor\". IBM X-Force ID: 124357."
    }
  ],
  "id": "CVE-2017-1239",
  "lastModified": "2024-11-21T03:21:33.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-06T14:29:00.617",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124357"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-07-20 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21960407Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21960407Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_requirements_composer 4.0.0
ibm rational_requirements_composer 4.0.0.1
ibm rational_requirements_composer 4.0.0.2
ibm rational_requirements_composer 4.0.1
ibm rational_requirements_composer 4.0.2
ibm rational_requirements_composer 4.0.3
ibm rational_requirements_composer 4.0.4
ibm rational_requirements_composer 4.0.5
ibm rational_requirements_composer 4.0.6
ibm rational_requirements_composer 4.0.7
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6342F6-709A-4043-A879-57E9C7232C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDFA1C-9C07-4744-95F9-93A2332E2F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D8C43B-C109-44E1-868F-7DC1289D9BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en Jazz Team Server en Jazz Foundation en IBM Rational Collaborative Lifecycle Management (CLM) en la versi\u00f3n 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Quality Manager (RQM) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Team Concert (RTC) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x trav\u00e9s de 4.0.7; y Rational DOORS Next Generation (RDNG) 4.x anterior a 4.0.7 IF6 5.x anterior a 5.0.2 IF5, permite a atacantes remotos inyectar secuencias de comandos o HTML arbitrario por medio de una URL manipulada."
    }
  ],
  "id": "CVE-2015-0130",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-07-20T01:59:02.347",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960407"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-03-18 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21698247Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21698247Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_requirements_composer 2.0
ibm rational_requirements_composer 2.0.0.1
ibm rational_requirements_composer 2.0.0.2
ibm rational_requirements_composer 2.0.0.3
ibm rational_requirements_composer 2.0.0.4
ibm rational_requirements_composer 3.0
ibm rational_requirements_composer 3.0.1
ibm rational_requirements_composer 3.0.1.1
ibm rational_requirements_composer 3.0.1.2
ibm rational_requirements_composer 3.0.1.3
ibm rational_requirements_composer 3.0.1.4
ibm rational_requirements_composer 3.0.1.5
ibm rational_requirements_composer 3.0.1.6
ibm rational_collaborative_lifecycle_management 3.0.0
ibm rational_collaborative_lifecycle_management 3.0.1
ibm rational_collaborative_lifecycle_management 3.0.1.1
ibm rational_collaborative_lifecycle_management 3.0.1.2
ibm rational_collaborative_lifecycle_management 3.0.1.3
ibm rational_collaborative_lifecycle_management 3.0.1.4
ibm rational_collaborative_lifecycle_management 3.0.1.5
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_team_concert 2.0.0.1
ibm rational_team_concert 2.0.0.2
ibm rational_team_concert 3.0
ibm rational_team_concert 3.0.1
ibm rational_team_concert 3.0.1.1
ibm rational_team_concert 3.0.1.2
ibm rational_team_concert 3.0.1.3
ibm rational_team_concert 3.0.1.4
ibm rational_team_concert 3.0.1.5
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_quality_manager 2.0
ibm rational_quality_manager 2.0.0.1
ibm rational_quality_manager 2.0.0.2
ibm rational_quality_manager 2.0.1
ibm rational_quality_manager 2.0.1.1
ibm rational_quality_manager 3.0
ibm rational_quality_manager 3.0.1
ibm rational_quality_manager 3.0.1.1
ibm rational_quality_manager 3.0.1.2
ibm rational_quality_manager 3.0.1.3
ibm rational_quality_manager 3.0.1.4
ibm rational_quality_manager 3.0.1.5
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E211DC-D0D7-4527-AE87-231A19D58C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AABE5F-C942-45BB-86A9-C3F2E949D64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A04D314-F6EB-41B9-945A-D8428D86B655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3717DCFC-1336-45EC-919C-E1CD1B37DA2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC743273-AD4B-4A14-9C0C-23A865A640C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9641F4-846F-4FB0-BE40-F30972C87D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E21B53E-28C2-4930-88F3-3AADD1BF31B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2CAB1D-B5AB-42D2-8F35-52C6F64EC0FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71816D92-AC01-4F7D-A878-7280175BB422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D17CA5-2B63-4914-9DBF-5861F69B5238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D3B001F-0031-4BED-9A49-B9589EC9E5CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8CED8F4-22A6-4945-A21F-0D399BE661F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4875C452-2466-45F1-8923-00E5340D74D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B15EF2E-A114-4128-85F1-889EDC3F6C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07F4E00-F0BA-4821-B5B4-3C0E9D01AAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80E49B8-8BC4-4150-B86A-A5E474F4E598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6915A8F-05A1-4D39-BF53-0C3F4B155A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E92346D-B1A8-43F8-B2C1-E69A3301560B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F081AEF5-3F0F-4D58-8BBE-EDB9C569CAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "44840CC3-5720-4AF8-B508-67AB5E3E1CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F65519B-90F8-4A17-BA94-FDFDE5BF8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE0A31B-7A9B-40E6-8648-365D018BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A9E54DB-5CB0-4289-B1A7-EA82494A8FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B2944B8-BFD1-4184-8E49-69385DD0C0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71ECC4C2-BF61-47C7-8435-BE71F1AD0A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A826A681-A706-4512-B863-1FEABFBCC677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79E7EF2-5615-4300-BC0D-865DBDC8B46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59EB6D6-2A74-4988-912C-97045647F1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EAB61F7-B5B4-47E8-8BFD-02F025358781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93D8CAB-0DF0-4A1D-B1A3-78FF892D04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7204792C-1506-4E95-92CD-098F760FC429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FC134C-08AB-4874-B31D-B08CDF4C2DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1649F910-F8B9-4AAD-9743-C37B8784A771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Rational Jazz Team Server (JTS), utilixado en Rational Collaborative Lifecycle Management 3.x y 4.x y 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Quality Manager 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational Team Concert 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational DOORS Next Generation 4.x anterior a 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Requirements Composer 2.x y 3.x anterior a 3.0.1.6 iFix5; y otros productos, permite a usuarios remotos autenticados leer los paneles de control de usuarios arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-6131",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-03-18T10:59:01.197",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-02 21:59
Modified
2025-04-12 10:46
Severity ?
6.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Summary
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21973200Vendor Advisory
psirt@us.ibm.comhttp://www.securitytracker.com/id/1034565
psirt@us.ibm.comhttp://www.securitytracker.com/id/1034566
psirt@us.ibm.comhttp://www.securitytracker.com/id/1034567
psirt@us.ibm.comhttp://www.securitytracker.com/id/1034568
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21973200Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034565
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034566
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034567
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034568
Impacted products
Vendor Product Version
ibm rational_quality_manager 2.0
ibm rational_quality_manager 2.0.1
ibm rational_quality_manager 3.0
ibm rational_quality_manager 3.0.1
ibm rational_quality_manager 3.0.1.1
ibm rational_quality_manager 3.0.1.2
ibm rational_quality_manager 3.0.1.3
ibm rational_quality_manager 3.0.1.4
ibm rational_quality_manager 3.0.1.5
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_rhapsody_design_manager 3.0
ibm rational_rhapsody_design_manager 3.0.0.1
ibm rational_rhapsody_design_manager 3.0.1
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_requirements_composer 2.0
ibm rational_requirements_composer 2.0.0.1
ibm rational_requirements_composer 2.0.0.2
ibm rational_requirements_composer 2.0.0.3
ibm rational_requirements_composer 2.0.0.4
ibm rational_requirements_composer 3.0
ibm rational_requirements_composer 3.0.1
ibm rational_requirements_composer 3.0.1.1
ibm rational_requirements_composer 3.0.1.2
ibm rational_requirements_composer 3.0.1.3
ibm rational_requirements_composer 3.0.1.4
ibm rational_requirements_composer 3.0.1.5
ibm rational_requirements_composer 3.0.1.6
ibm rational_requirements_composer 4.0
ibm rational_requirements_composer 4.0.0.1
ibm rational_requirements_composer 4.0.0.2
ibm rational_requirements_composer 4.0.1
ibm rational_requirements_composer 4.0.2
ibm rational_requirements_composer 4.0.3
ibm rational_requirements_composer 4.0.4
ibm rational_requirements_composer 4.0.5
ibm rational_requirements_composer 4.0.6
ibm rational_requirements_composer 4.0.7
ibm rational_engineering_lifecycle_manager 1.0
ibm rational_engineering_lifecycle_manager 1.0.0.1
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_doors_next_generation 4.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_collaborative_lifecycle_management 3.0.1
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_software_architect_design_manager 3.0
ibm rational_software_architect_design_manager 3.0.0.1
ibm rational_software_architect_design_manager 3.0.1
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_team_concert 2.0
ibm rational_team_concert 2.0.0.1
ibm rational_team_concert 2.0.0.2
ibm rational_team_concert 3.0
ibm rational_team_concert 3.0.1
ibm rational_team_concert 3.0.1.1
ibm rational_team_concert 3.0.1.2
ibm rational_team_concert 3.0.1.3
ibm rational_team_concert 3.0.1.4
ibm rational_team_concert 3.0.1.5
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE0A31B-7A9B-40E6-8648-365D018BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71ECC4C2-BF61-47C7-8435-BE71F1AD0A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79E7EF2-5615-4300-BC0D-865DBDC8B46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59EB6D6-2A74-4988-912C-97045647F1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EAB61F7-B5B4-47E8-8BFD-02F025358781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93D8CAB-0DF0-4A1D-B1A3-78FF892D04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7204792C-1506-4E95-92CD-098F760FC429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FC134C-08AB-4874-B31D-B08CDF4C2DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1649F910-F8B9-4AAD-9743-C37B8784A771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF445BA2-BD53-43FB-BF1E-58510FC4FF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA18DE5C-904D-4FD0-A479-18314B170ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "890ABCC2-F417-4E6E-A0A8-7D485FAE3FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E211DC-D0D7-4527-AE87-231A19D58C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AABE5F-C942-45BB-86A9-C3F2E949D64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A04D314-F6EB-41B9-945A-D8428D86B655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3717DCFC-1336-45EC-919C-E1CD1B37DA2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC743273-AD4B-4A14-9C0C-23A865A640C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3894CB-8DF7-4011-B47F-36485A2A6E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDFA1C-9C07-4744-95F9-93A2332E2F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D8C43B-C109-44E1-868F-7DC1289D9BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B30003D-1BF8-414D-9D6D-9D1B90D4EBB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B5AC6B-5DCB-458C-8267-6AF5CC9C3E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E997305-EC48-42C4-9408-EE622818BA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E21B53E-28C2-4930-88F3-3AADD1BF31B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5C2251-FB5D-4775-BDB8-6115732E6615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D0173BE-F9DE-4566-B060-095203FAACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4875C452-2466-45F1-8923-00E5340D74D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B15EF2E-A114-4128-85F1-889EDC3F6C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07F4E00-F0BA-4821-B5B4-3C0E9D01AAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80E49B8-8BC4-4150-B86A-A5E474F4E598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6915A8F-05A1-4D39-BF53-0C3F4B155A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E92346D-B1A8-43F8-B2C1-E69A3301560B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F081AEF5-3F0F-4D58-8BBE-EDB9C569CAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "44840CC3-5720-4AF8-B508-67AB5E3E1CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F65519B-90F8-4A17-BA94-FDFDE5BF8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site."
    },
    {
      "lang": "es",
      "value": "Jazz Team Server en Jazz Foundation en IBM Rational Collaborative Lifecycle Management (CLM) 3.x y 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.x en versiones anteriores a 6.0.0 IF4; Rational Quality Manager (RQM) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.0 en versiones anteriores a 6.0.0 IF4; Rational Team Concert (RTC) 3.x en versiones anteriores a 3.0.1.6 IF7, 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.0 en versiones anteriores a 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x en versiones anteriores a 3.0.1.6 IF7 y 4.x en versiones anteriores a 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x en versiones anteriores a 4.0.7 IF9, 5.x en versiones anteriores a 5.0.2 IF11 y 6.0 en versiones anteriores a 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 hasta la versi\u00f3n 4.0.7, 5.0 hasta la versi\u00f3n 5.0.2 y 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 hasta la versi\u00f3n 4.0.7, 5.0 hasta la versi\u00f3n 5.0.2 y 6.0.0; y Rational Software Architect Design Manager (DM) 4.0 hasta la versi\u00f3n 4.0.7, 5.0 hasta la versi\u00f3n 5.0.2 y 6.0.0 permite a usuarios remotos autenticados llevar a cabo ataques de secuestro de clic a trav\u00e9s de una p\u00e1gina web manipulada."
    }
  ],
  "id": "CVE-2015-1928",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-02T21:59:00.127",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973200"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1034565"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1034566"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1034567"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1034568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034566"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034568"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-11-06 16:29
Modified
2024-11-21 04:00
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10738301Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/143796VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10738301Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/143796VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "667D04CD-BC8D-4CEB-B502-8D1379B7B436",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5C09499-13C3-4F91-A68D-C8FEB77B18DE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DDB2D08-0405-4BFD-9DBE-0AD8589B18FF",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BABC587-0E98-4CE1-AD8C-4045D3CA2941",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E00B0B-14E3-4799-9FD6-63418A8086F2",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB5653C-C3DD-471B-B644-6E3128CA7401",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C503A9-6837-4EBD-87E5-2CA76AF85B79",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A1EBFE0-1EA4-46A9-866B-3ED2E1187612",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1F2828-9730-4474-82B4-E08AD40CBAAD",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48EFB76-A843-46B9-8840-83DC35330DD3",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98DCDC04-6FD5-49CB-BC20-757A69C4AC0C",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "909CD52D-BC7A-467F-A88B-15150C6A41ED",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8789F641-3AFA-4262-B554-DEB4270D1DB5",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796."
    },
    {
      "lang": "es",
      "value": "Las aplicaciones basadas en IBM Jazz (IBM Rational Collaborative Lifecycle Management en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6, IBM Rational DOORS Next Generation en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6, IBM Rational Engineering Lifecycle Manager en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6, IBM Rational Quality Manager en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6, IBM Rational Rhapsody Design Manager en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6, IBM Rational Software Architect Design Manager en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.1, y IBM Rational Team Concert en versiones 5.0 hasta la 5.02 y versiones 6.0 hasta la 6.0.6) podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n sensible de un mensaje de error que podr\u00eda emplearse en m\u00e1s ataques contra el sistema. IBM X-Force ID: 143796."
    }
  ],
  "id": "CVE-2018-1606",
  "lastModified": "2024-11-21T04:00:04.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-06T16:29:00.343",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143796"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125155VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125155VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 125155."
    }
  ],
  "id": "CVE-2017-1294",
  "lastModified": "2024-11-21T03:21:39.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.620",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125155"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-06 14:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10716201Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124628VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10716201Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124628VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_collaborative_lifecycle_management *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C31818-990D-4CA2-8AB1-3039E447F2E8",
              "versionEndIncluding": "6.0.3",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 124628."
    },
    {
      "lang": "es",
      "value": "IBM Quality Manager (RQM) en versiones 5.0.x y desde la 6.0 hasta la 6.0.5 es vulnerable a inyecci\u00f3n HTML. Un atacante remoto podr\u00eda ejecutar c\u00f3digo HTML malicioso que, cuando se visualiza, se ejecutar\u00eda en el navegador web de la v\u00edctima en el contexto de seguridad del sitio anfitri\u00f3n. IBM X-Force ID: 124628."
    }
  ],
  "id": "CVE-2017-1248",
  "lastModified": "2024-11-21T03:21:34.687",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-06T14:29:00.710",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124628"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-06-13 19:29
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22004534Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/99060Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/120209Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22004534Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99060Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/120209Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_doors_next_generation 4.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.3
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.3
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.3
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2
ibm rational_software_architect_design_manager 6.0.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E997305-EC48-42C4-9408-EE622818BA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "141B7F93-4A02-4A60-94F1-A6D9A80A4889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27404EC5-26B2-490E-8211-09783FEF084C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D97FEF-5C37-47EC-9B25-F05B9C5B03BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BEB8AD-ACD5-4F5B-8C95-8C1EA8BFE815",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F267A6E4-93BE-43A0-B7EE-04B8143FB0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209."
    },
    {
      "lang": "es",
      "value": "Jazz Foundation de IBM es vulnerable a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, lo que altera la funcionalidad deseada que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de segura. ID de IBM X-Force: 120209."
    }
  ],
  "id": "CVE-2016-9973",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-13T19:29:00.177",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004534"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99060"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120209"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/124759VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/124759VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 124759."
    }
  ],
  "id": "CVE-2017-1281",
  "lastModified": "2024-11-21T03:21:37.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.513",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124759"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131760.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/131760Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/131760Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131760."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 131760."
    }
  ],
  "id": "CVE-2017-1561",
  "lastModified": "2024-11-21T03:22:04.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.057",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131760"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131761.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/131761Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/131761Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131761."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 131761."
    }
  ],
  "id": "CVE-2017-1562",
  "lastModified": "2024-11-21T03:22:05.127",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.107",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131761"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-14 22:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10875340Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/107435Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/153495VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10875340Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107435Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/153495VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "430B8F05-0B96-409A-AAFD-4F73C3B12AEB",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E6F6730-8D5D-4841-9D77-1E3810C2A324",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9940943B-377B-4176-A04B-D0AB72CA1472",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35C8771-5A65-4497-842A-7FE25EEBB82C",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B5A77F6-FE21-4EA8-AAC5-F6B025E2C1FE",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12477351-8D76-4DC0-BE6A-C9948E033723",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "732DE32F-6DDE-4612-B004-D6FC13067FE2",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager, desde la versi\u00f3n 5.0 hasta la 6.0.6) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 153495."
    }
  ],
  "id": "CVE-2018-1952",
  "lastModified": "2024-11-21T04:00:39.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-14T22:29:01.040",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107435"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153495"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-02 19:15
Modified
2024-11-21 05:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/181122VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6325343Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/181122VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6325343Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm engineering_requirements_management_doors_next 7.0.1
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm eni 7.0
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0363B97-BA15-49D0-A28B-2EE000AD5B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:eni:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3EC655-99F2-4DA2-A5D9-3F858562F63A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122."
    },
    {
      "lang": "es",
      "value": "Las aplicaciones basadas en IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 181122"
    }
  ],
  "id": "CVE-2020-4445",
  "lastModified": "2024-11-21T05:32:44.740",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-02T19:15:18.033",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181122"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-25 12:29
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22009296Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/101587Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/126856VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22009296Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101587Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/126856VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856."
    },
    {
      "lang": "es",
      "value": "Team Concert (RTC) de IBM es vulnerable a Cross-Site Scripting (XSS) Esta vulnerabilidad permite que los usuarios embeban c\u00c3\u00b3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades planeadas. Esto podr\u00c3\u00ada dar lugar a una revelaci\u00c3\u00b3n de credenciales en una sesi\u00c3\u00b3n de confianza. IBM X-Force ID: 126856."
    }
  ],
  "id": "CVE-2017-1363",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-25T12:29:00.360",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101587"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126856"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-05-15 21:29
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22003064Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22003064Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_doors_next_generation 4.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.3
ibm rational_engineering_lifecycle_manager 4.0
ibm rational_engineering_lifecycle_manager 4.0.1
ibm rational_engineering_lifecycle_manager 4.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.3
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.3
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2
ibm rational_software_architect_design_manager 6.0.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E997305-EC48-42C4-9408-EE622818BA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "141B7F93-4A02-4A60-94F1-A6D9A80A4889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27404EC5-26B2-490E-8211-09783FEF084C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70C56C7-7811-40F6-BBBD-93E022393041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4377F30-6FDD-4232-92A4-62832E08A934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B494B8-27DC-4FA4-BB86-1FEF51A2FA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D97FEF-5C37-47EC-9B25-F05B9C5B03BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BEB8AD-ACD5-4F5B-8C95-8C1EA8BFE815",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F267A6E4-93BE-43A0-B7EE-04B8143FB0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,"
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n confidencial de las trazas de pila. IBM X-Force ID: 119781"
    }
  ],
  "id": "CVE-2016-9735",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-15T21:29:00.207",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003064"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-10 16:29
Modified
2024-11-21 03:59
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10716599Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/139026Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10716599Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/139026Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60CEDB8-034B-45E2-9CD6-EDBAC42F8004",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559F0D7-DFB9-4CBB-8F64-EE7FE1B4DFE5",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C7E065-EAF0-4A4D-B6F8-A2705C287EE7",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64000F3-395D-4826-92DD-DB2489470462",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C61916-4F4D-4DD3-8F09-F55322767C14",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B07DA35D-2527-4DE8-97F1-9FC1C48255EE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E0686F-C62F-4A6A-861E-19467C8018A0",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1113669B-B338-4ABD-9A34-B57880020C84",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F767CA4-A024-44A4-A987-17057E1A6245",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BE1EAE-1C18-4FC0-A7FB-A58C011CF1F9",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation podr\u00edan revelar informaci\u00f3n sensible a un atacante autenticado que podr\u00eda conducir a m\u00e1s ataques contra el sistema. IBM X-Force ID: 139026."
    }
  ],
  "id": "CVE-2018-1423",
  "lastModified": "2024-11-21T03:59:47.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-10T16:29:00.503",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716599"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139026"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-14 22:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10875318Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/107433Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/150432VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10875318Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107433Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/150432VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "430B8F05-0B96-409A-AAFD-4F73C3B12AEB",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35C8771-5A65-4497-842A-7FE25EEBB82C",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager, desde la versi\u00f3n 5.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 150432."
    }
  ],
  "id": "CVE-2018-1829",
  "lastModified": "2024-11-21T04:00:28.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-14T22:29:00.743",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107433"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150432"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-12-27 16:29
Modified
2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22011815Issue Tracking, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/123661Issue Tracking, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22011815Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/123661Issue Tracking, VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0.0
ibm rational_software_architect_design_manager 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D974C0B2-5C29-4298-8AD7-28794B5ED473",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92A37B81-7F7D-4942-8FAB-CDAAAA00C524",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB5653C-C3DD-471B-B644-6E3128CA7401",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB171CCC-251B-42DD-BFE5-FA0193B2111F",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F0FEE7-6D74-494E-9081-D4942FE17CEB",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "909CD52D-BC7A-467F-A88B-15150C6A41ED",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA2EE62-E164-4725-8FCE-8438C835735F",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E769AC93-2F4C-4ADC-8228-B5C82FC445A1",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5C09499-13C3-4F91-A68D-C8FEB77B18DE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EE3277-D8B8-44B6-8FBF-131B655F72AD",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA536CF-BF5F-42F1-8F7A-7850E4AC9319",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BABC587-0E98-4CE1-AD8C-4045D3CA2941",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A9B6E48-DF7B-4E10-A1AF-B3008ECE08E2",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06626B42-DA20-4266-B4B8-F98E5525C2FC",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A1EBFE0-1EA4-46A9-866B-3ED2E1187612",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4B3B3C-85EA-418E-9F2B-7E40AC8CB6A1",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9DA362-C185-4467-B0BC-20703EAE5D69",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661."
    },
    {
      "lang": "es",
      "value": "Es posible que una vulnerabilidad no revelada en las aplicaciones CLM (incluido IBM Rational Collaborative Lifecycle Management 4.0, 5.0 y 6.0) no restrinja el acceso URL. IBM X-Force ID: 123661."
    }
  ],
  "id": "CVE-2017-1191",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-27T16:29:13.917",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22011815"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22011815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123661"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:43
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/159648VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/159648VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1) son vulnerables a los scripts entre sitios. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podr\u00eda llevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n segura. ID de IBM X-Force: 159648."
    }
  ],
  "id": "CVE-2019-4250",
  "lastModified": "2024-11-21T04:43:22.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:10.677",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159648"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-14 22:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10875364Product, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/107419Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/154136VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10875364Product, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107419Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/154136VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "430B8F05-0B96-409A-AAFD-4F73C3B12AEB",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "732DE32F-6DDE-4612-B004-D6FC13067FE2",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136."
    },
    {
      "lang": "es",
      "value": "IBM Rational Team Concert, desde la versi\u00f3n 5.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 154136."
    }
  ],
  "id": "CVE-2018-1983",
  "lastModified": "2024-11-21T04:00:41.687",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-14T22:29:01.117",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875364"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107419"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154136"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-09-12 10:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21989899Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/92840
psirt@us.ibm.comhttp://www.securitytracker.com/id/1036814
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21989899Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/92840
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036814
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en IBM Rational Team Concert 6.0.1 y 6.0.2 en versiones anteriores a 6.0.2 iFix2 y Rational Collaborative Lifecycle Management 6.0.1 y 6.0.2 en versiones anteriores a 6.0.2 iFix2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2016-0331",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-12T10:59:00.130",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989899"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/92840"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1036814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92840"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036814"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-23 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22014815Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/103477Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/133127VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22014815Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103477Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/133127VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F04AB63-431B-4AB3-B8B0-48664B7340CC",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1C422A-3D5F-48B1-BC6E-954D1AFA34F9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CDEB94-002E-479A-A055-F3FD38D3AE41",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A559F0D7-DFB9-4CBB-8F64-EE7FE1B4DFE5",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8934D3C7-2C1C-4BE0-B3F5-320364879DC3",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E769AC93-2F4C-4ADC-8228-B5C82FC445A1",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64000F3-395D-4826-92DD-DB2489470462",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA536CF-BF5F-42F1-8F7A-7850E4AC9319",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F767CA4-A024-44A4-A987-17057E1A6245",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B398352-76E1-4727-B34C-620F26CBD5BF",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19611ED3-74F3-4124-A334-09A66A9274A9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B07DA35D-2527-4DE8-97F1-9FC1C48255EE",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2601D1-4D55-4B4A-9CED-CF736270E63F",
              "versionEndIncluding": "6.0.5",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D29F101-F08E-42A1-B7F2-1BD982F81221",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1113669B-B338-4ABD-9A34-B57880020C84",
              "versionEndIncluding": "5.0.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA82CE3A-560B-4D43-98B9-BD9EF9E8DFE6",
              "versionEndIncluding": "6.0.1",
              "versionStartExcluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 y 6.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 133127."
    }
  ],
  "id": "CVE-2017-1629",
  "lastModified": "2024-11-21T03:22:09.597",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-23T19:29:00.337",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103477"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133127"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/133263VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/133263VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 133263."
    }
  ],
  "id": "CVE-2017-1652",
  "lastModified": "2024-11-21T03:22:10.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.497",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133263"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131778.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/131778VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/131778VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131778."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 131778."
    }
  ],
  "id": "CVE-2017-1568",
  "lastModified": "2024-11-21T03:22:05.813",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.263",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131778"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-11-30 11:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21992151Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/93515Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037025
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037026
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037027
psirt@us.ibm.comhttp://www.securitytracker.com/id/1037028
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21992151Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/93515Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037025
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037026
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037027
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037028
Impacted products
Vendor Product Version
ibm rational_engineering_lifecycle_manager 4.0.0
ibm rational_engineering_lifecycle_manager 4.0.1
ibm rational_engineering_lifecycle_manager 4.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_quality_manager 4.0.0
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_software_architect_design_manager 4.0.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF24F7E-C48D-42CE-98AD-71F042014B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4377F30-6FDD-4232-92A4-62832E08A934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B494B8-27DC-4FA4-BB86-1FEF51A2FA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5419531-869F-4389-AF72-18F6E0DF3CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC4C9D2-6799-44B5-AEF4-47DD3CC012FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED534E3-80EF-40AF-927A-20D59DA7B045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17 y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-3014",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-30T11:59:23.357",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992151"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93515"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037025"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037026"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037027"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1037028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037028"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/134796VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/134796VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 134796."
    }
  ],
  "id": "CVE-2017-1717",
  "lastModified": "2024-11-21T03:22:15.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.717",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134796"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-05 17:29
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22004611Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/99352Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.securitytracker.com/id/1038912
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/119529Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22004611Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99352Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038912
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/119529Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2500F56F-C615-4836-9F6E-44985F898E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBEB328-08B8-41ED-8D80-748948CB2BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529."
    },
    {
      "lang": "es",
      "value": "IBM Team Concert versiones 4.0, 5.0 y 6.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios integrar c\u00f3digo JavaScript arbitrario en la interfaz de usuario Web, alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. IBM X-Force ID: 119529."
    }
  ],
  "id": "CVE-2016-9701",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-05T17:29:00.170",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99352"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1038912"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119529"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134065.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/134065Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/134065Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134065."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 134065."
    }
  ],
  "id": "CVE-2017-1690",
  "lastModified": "2024-11-21T03:22:13.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.543",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134065"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-03-31 18:59
Modified
2025-04-20 01:37
Severity ?
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/97171Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=swg22000784Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/97171Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=swg22000784Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_rhapsody_design_manager 4.0
ibm rational_rhapsody_design_manager 4.0.1
ibm rational_rhapsody_design_manager 4.0.2
ibm rational_rhapsody_design_manager 4.0.3
ibm rational_rhapsody_design_manager 4.0.4
ibm rational_rhapsody_design_manager 4.0.5
ibm rational_rhapsody_design_manager 4.0.6
ibm rational_rhapsody_design_manager 4.0.7
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_rhapsody_design_manager 6.0.2
ibm rational_rhapsody_design_manager 6.0.3
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.6
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_engineering_lifecycle_manager 4.0
ibm rational_engineering_lifecycle_manager 4.0.1
ibm rational_engineering_lifecycle_manager 4.0.2
ibm rational_engineering_lifecycle_manager 4.0.3
ibm rational_engineering_lifecycle_manager 4.0.4
ibm rational_engineering_lifecycle_manager 4.0.5
ibm rational_engineering_lifecycle_manager 4.0.6
ibm rational_engineering_lifecycle_manager 4.0.7
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.3
ibm rational_software_architect_design_manager 4.0
ibm rational_software_architect_design_manager 4.0.1
ibm rational_software_architect_design_manager 4.0.2
ibm rational_software_architect_design_manager 4.0.3
ibm rational_software_architect_design_manager 4.0.4
ibm rational_software_architect_design_manager 4.0.5
ibm rational_software_architect_design_manager 4.0.6
ibm rational_software_architect_design_manager 4.0.7
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1
ibm rational_software_architect_design_manager 6.0.2
ibm rational_software_architect_design_manager 6.0.3
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_doors_next_generation 4.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0
ibm rational_doors_next_generation 6.0.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.3
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B201E3D-1028-4955-AFE2-AF8C14CAA182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C966E0-6372-4CA5-902E-DEE17FC139E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF978C93-8747-416A-890B-09575EF0BA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BEB8AD-ACD5-4F5B-8C95-8C1EA8BFE815",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0F2747-175E-4B85-9020-162F019860EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70C56C7-7811-40F6-BBBD-93E022393041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4377F30-6FDD-4232-92A4-62832E08A934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B494B8-27DC-4FA4-BB86-1FEF51A2FA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D97FEF-5C37-47EC-9B25-F05B9C5B03BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B450B35-5169-4B41-B928-0F22DF55A28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "543CFD7E-E204-436E-A88E-212A368F7AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F267A6E4-93BE-43A0-B7EE-04B8143FB0EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E997305-EC48-42C4-9408-EE622818BA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "141B7F93-4A02-4A60-94F1-A6D9A80A4889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27404EC5-26B2-490E-8211-09783FEF084C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B323BB-9966-4BBF-B5EE-44CD9A769A9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation es vulnerable a una denegaci\u00f3n de servicio, causada por un error de XML Entity Injection XXE XML al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n altamente sensible o consumir todos los recursos de memoria disponibles. IBM Reference #: 2000784."
    }
  ],
  "id": "CVE-2016-9707",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-31T18:59:00.373",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97171"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg22000784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg22000784"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/148605VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/148605VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rhapsody_model_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8AC12E-E329-49BA-A0A4-E3228C1C0EA7",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 es vulnerable a los scripts entre sitios. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podr\u00eda llevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n segura. ID de IBM X-Force: 148605"
    }
  ],
  "id": "CVE-2018-1758",
  "lastModified": "2024-11-21T04:00:18.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:09.987",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148605"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-28 13:15
Modified
2024-11-21 05:33
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/192434VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6475919Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/192434VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6475919Vendor Advisory
Impacted products
Vendor Product Version
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0.1
ibm engineering_lifecycle_optimization_-_engineering_insights 7.0.2
ibm engineering_requirements_quality_assistant_on-premises *
ibm engineering_test_management 7.0.0
ibm engineering_test_management 7.0.1
ibm engineering_test_management 7.0.2
ibm engineering_workflow_management 7.0
ibm engineering_workflow_management 7.0.1
ibm engineering_workflow_management 7.0.2
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_doors_next_generation 7.0
ibm rational_doors_next_generation 7.0.1
ibm rational_doors_next_generation 7.0.2
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71DDBA2B-4D8E-4782-81E4-8AB65B8F5D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FA46498-28A1-4297-AAC2-CCEE1F215A59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E343D74-88D6-4F42-ABB4-F7C52225B760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_quality_assistant_on-premises:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96D318F-AF7A-4CD6-BC68-CBE808D41705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3E6C51-5565-40CA-86CB-8D5389D2C903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC281E37-FEF1-400D-8BD1-A59162FF533A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B09ABA-91F9-445E-ABC8-E87843FD37EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "560D5BFC-73B1-4CF1-80BC-E027B0EE12C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9888EE-B832-4FD9-931D-A5640BE9916C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434."
    },
    {
      "lang": "es",
      "value": "Los productos IBM Jazz Foundation son vulnerables a la falsificaci\u00f3n de solicitudes del lado del servidor (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda conducir a la enumeraci\u00f3n de la red o facilitar otros ataques. ID de IBM X-Force: 192434"
    }
  ],
  "id": "CVE-2020-4974",
  "lastModified": "2024-11-21T05:33:29.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-28T13:15:08.113",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6475919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6475919"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-02 19:15
Modified
2024-11-21 05:32
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/182397VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6325343Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/182397VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6325343Vendor Advisory
Impacted products
Vendor Product Version
ibm doors_next 7.0
ibm engineering_requirements_management_doors_next 7.0.1
ibm engineering_test_management 7.0.0
ibm engineering_workflow_management 7.0.0
ibm engineering_workflow_management 7.0.1
ibm eni 7.0
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.6
ibm rational_collaborative_lifecycle_management 6.0.6.1
ibm rational_doors_next_generation 6.0.2
ibm rational_doors_next_generation 6.0.6
ibm rational_doors_next_generation 6.0.6.1
ibm rational_engineering_lifecycle_manager 6.0.2
ibm rational_engineering_lifecycle_manager 6.0.6
ibm rational_engineering_lifecycle_manager 6.0.6.1
ibm rational_engineering_lifecycle_manager 7.0
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.6
ibm rational_quality_manager 6.0.6.1
ibm rational_team_concert 6.0.2
ibm rational_team_concert 6.0.6
ibm rational_team_concert 6.0.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0363B97-BA15-49D0-A28B-2EE000AD5B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "851FF0C7-64EC-4A6A-9C81-0791C3E68D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46C5E316-FB11-4EDD-A22C-22E571DF9091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:eni:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3EC655-99F2-4DA2-A5D9-3F858562F63A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1311F7EA-159F-4B61-8619-4B0D64F243CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D876A8D-039C-4568-881B-73CF8337C75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC07233F-DD23-4869-9E3D-A1634B951A87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397."
    },
    {
      "lang": "es",
      "value": "Las Aplicaciones basadas en IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 182397"
    }
  ],
  "id": "CVE-2020-4522",
  "lastModified": "2024-11-21T05:32:50.497",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-02T19:15:18.297",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182397"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6325343"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125727Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125727Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 125727."
    }
  ],
  "id": "CVE-2017-1315",
  "lastModified": "2024-11-21T03:21:42.053",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:00.933",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125727"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-26 21:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22012712Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/102853Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.securitytracker.com/id/1040305Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.securitytracker.com/id/1040306Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.securitytracker.com/id/1040307Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/133268VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22012712Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102853Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040305Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040306Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040307Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/133268VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_team_concert *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "366EBB78-E018-4971-BDFB-5670ECE8F08D",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "421ADB80-9C0A-4B42-B4A7-5CBF561DC7E4",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "396EBEA3-CF77-4D2C-B8D8-CAB306391092",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "008561A7-B37F-4F11-8635-B29726FFEFCC",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29540A04-2A13-434B-A9EE-FB9809803000",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DDC114-8067-4332-953D-A39D0660E962",
              "versionEndIncluding": "6.0.4",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 133268."
    }
  ],
  "id": "CVE-2017-1653",
  "lastModified": "2024-11-21T03:22:10.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-26T21:29:00.977",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012712"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102853"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040305"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040306"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040307"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133268"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-03-20 16:59
Modified
2025-04-20 01:37
Severity ?
6.8 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg21999965Patch, Vendor Advisory
nvd@nist.govhttps://exchange.xforce.ibmcloud.com/vulnerabilities/113994?cm_mc_uid=06394756914614889387221&cm_mc_sid_50200000=1490229077Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg21999965Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no revelada en las aplicaciones CLM en IBM Jazz Team Server podr\u00eda permitir acceso no autorizado a credenciales de usuario. Referencia de IBM: 1999965."
    }
  ],
  "id": "CVE-2016-2981",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-20T16:59:01.657",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21999965"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113994?cm_mc_uid=06394756914614889387221\u0026cm_mc_sid_50200000=1490229077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21999965"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134066.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/134066VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/134066VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Permissions Required
Impacted products
Vendor Product Version
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871EF36-B640-42B3-AC50-DFD707E53953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3010A6F8-A2C7-4236-B5F8-21BC6581B823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134066."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 134066."
    }
  ],
  "id": "CVE-2017-1691",
  "lastModified": "2024-11-21T03:22:13.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.607",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134066"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-14 22:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 144884.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10875340Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/107435
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/144884VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10875340Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107435
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/144884VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "430B8F05-0B96-409A-AAFD-4F73C3B12AEB",
              "versionEndIncluding": "6.0.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 144884."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 6.0.6) es vulnerable a la inyecci\u00f3n de cabeceras HTTP, provocado por la validaci\u00f3n incorrecta de entradas. Mediante la persuasi\u00f3n de una v\u00edctima para que visite una p\u00e1gina web especialmente manipulada, un atacante remoto podr\u00eda explotar esta vulnerabilidad para inyectar cabeceras HTTP arbitrarias, lo que permitir\u00e1 que el atacante lleve a cabo varios ataques contra el sistema vulnerable, incluidos el Cross-Site Scripting (XSS), envenenamiento de cach\u00e9 o secuestro de sesi\u00f3n. IBM X-Force ID: 144884."
    }
  ],
  "id": "CVE-2018-1658",
  "lastModified": "2024-11-21T04:00:09.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-14T22:29:00.257",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/107435"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/107435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144884"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:22
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133261.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/133261Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/133261Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133261."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 133261."
    }
  ],
  "id": "CVE-2017-1651",
  "lastModified": "2024-11-21T03:22:10.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.450",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133261"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:43
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/157383VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/157383VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1) son vulnerables a los cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podr\u00eda llevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n segura. ID de IBM X-Force: 157383."
    }
  ],
  "id": "CVE-2019-4083",
  "lastModified": "2024-11-21T04:43:08.453",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:10.503",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-03 19:29
Modified
2024-11-21 03:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125729.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125729Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125729Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www-prd-trops.events.ibm.com/node/715749Broken Link, Third Party Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4
ibm rational_collaborative_lifecycle_management 6.0.5
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_quality_manager 6.0.2
ibm rational_quality_manager 6.0.3
ibm rational_quality_manager 6.0.4
ibm rational_quality_manager 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "715AA08F-7DA8-4157-8A0B-C5A3A47E969B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52E547E-F256-4B0B-92B0-5A0934516534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C2970D-4872-48D2-B472-88F79D421C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9773E58-D118-445C-9F1C-A897BF742176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125729."
    },
    {
      "lang": "es",
      "value": "IBM Rational Quality Manager y IBM Rational Collaborative Lifecycle Management, desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5, son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 125729."
    }
  ],
  "id": "CVE-2017-1317",
  "lastModified": "2024-11-21T03:21:42.307",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T19:29:01.027",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125729"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://www-prd-trops.events.ibm.com/node/715749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-25 12:29
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22009296Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/101593Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/123188VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22009296Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101593Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/123188VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management 4.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2
ibm rational_collaborative_lifecycle_management 6.0
ibm rational_collaborative_lifecycle_management 6.0.1
ibm rational_collaborative_lifecycle_management 6.0.2
ibm rational_collaborative_lifecycle_management 6.0.3
ibm rational_collaborative_lifecycle_management 6.0.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A61935D-D657-4DD8-936D-D9D956F49131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08EF876-5D00-45DC-A724-D2496854D87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88989B56-B482-4FCA-98D7-9869CD86C15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D6232-16BC-4985-97BE-9AEA8E30FB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CFA6A6-19E4-4325-BCDF-5AFA8A366196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F23D62A7-F471-456B-BD89-766371848DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F33689-E176-46CA-8D5E-088081F424FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188."
    },
    {
      "lang": "es",
      "value": "DOORS Siguiente generaci\u00c3\u00b3n de IBM (DNG/RRC) es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00c3\u00b3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades planeadas. Esto podr\u00c3\u00ada dar lugar a una revelaci\u00c3\u00b3n de credenciales en una sesi\u00c3\u00b3n de confianza. IBM X-Force ID: 123188."
    }
  ],
  "id": "CVE-2017-1169",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-25T12:29:00.250",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101593"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-03-18 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21698247Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21698247Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_quality_manager 2.0
ibm rational_quality_manager 2.0.0.1
ibm rational_quality_manager 2.0.0.2
ibm rational_quality_manager 2.0.1
ibm rational_quality_manager 2.0.1.1
ibm rational_quality_manager 3.0
ibm rational_quality_manager 3.0.1
ibm rational_quality_manager 3.0.1.1
ibm rational_quality_manager 3.0.1.2
ibm rational_quality_manager 3.0.1.3
ibm rational_quality_manager 3.0.1.4
ibm rational_quality_manager 3.0.1.5
ibm rational_quality_manager 3.0.1.6
ibm rational_quality_manager 4.0
ibm rational_quality_manager 4.0.0.1
ibm rational_quality_manager 4.0.0.2
ibm rational_quality_manager 4.0.1
ibm rational_quality_manager 4.0.2
ibm rational_quality_manager 4.0.3
ibm rational_quality_manager 4.0.4
ibm rational_quality_manager 4.0.5
ibm rational_quality_manager 4.0.7
ibm rational_quality_manager 5.0.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_requirements_composer 2.0
ibm rational_requirements_composer 2.0.0.1
ibm rational_requirements_composer 2.0.0.2
ibm rational_requirements_composer 2.0.0.3
ibm rational_requirements_composer 2.0.0.4
ibm rational_requirements_composer 3.0
ibm rational_requirements_composer 3.0.1
ibm rational_requirements_composer 3.0.1.1
ibm rational_requirements_composer 3.0.1.2
ibm rational_requirements_composer 3.0.1.3
ibm rational_requirements_composer 3.0.1.4
ibm rational_requirements_composer 3.0.1.5
ibm rational_requirements_composer 3.0.1.6
ibm rational_doors_next_generation 4.0.0
ibm rational_doors_next_generation 4.0.1
ibm rational_doors_next_generation 4.0.2
ibm rational_doors_next_generation 4.0.3
ibm rational_doors_next_generation 4.0.4
ibm rational_doors_next_generation 4.0.5
ibm rational_doors_next_generation 4.0.6
ibm rational_doors_next_generation 4.0.7
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_team_concert 2.0.0.1
ibm rational_team_concert 2.0.0.2
ibm rational_team_concert 3.0
ibm rational_team_concert 3.0.1
ibm rational_team_concert 3.0.1.1
ibm rational_team_concert 3.0.1.2
ibm rational_team_concert 3.0.1.3
ibm rational_team_concert 3.0.1.4
ibm rational_team_concert 3.0.1.5
ibm rational_team_concert 3.0.1.6
ibm rational_team_concert 4.0
ibm rational_team_concert 4.0.0.1
ibm rational_team_concert 4.0.0.2
ibm rational_team_concert 4.0.1
ibm rational_team_concert 4.0.2
ibm rational_team_concert 4.0.3
ibm rational_team_concert 4.0.4
ibm rational_team_concert 4.0.5
ibm rational_team_concert 4.0.6
ibm rational_team_concert 4.0.7
ibm rational_team_concert 5.0.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_collaborative_lifecycle_management 3.0.0
ibm rational_collaborative_lifecycle_management 3.0.1
ibm rational_collaborative_lifecycle_management 3.0.1.1
ibm rational_collaborative_lifecycle_management 3.0.1.2
ibm rational_collaborative_lifecycle_management 3.0.1.3
ibm rational_collaborative_lifecycle_management 3.0.1.4
ibm rational_collaborative_lifecycle_management 3.0.1.5
ibm rational_collaborative_lifecycle_management 3.0.1.6
ibm rational_collaborative_lifecycle_management 4.0.0
ibm rational_collaborative_lifecycle_management 4.0.1
ibm rational_collaborative_lifecycle_management 4.0.2
ibm rational_collaborative_lifecycle_management 4.0.3
ibm rational_collaborative_lifecycle_management 4.0.4
ibm rational_collaborative_lifecycle_management 4.0.5
ibm rational_collaborative_lifecycle_management 4.0.6
ibm rational_collaborative_lifecycle_management 4.0.7
ibm rational_collaborative_lifecycle_management 5.0.0
ibm rational_collaborative_lifecycle_management 5.0.1
ibm rational_collaborative_lifecycle_management 5.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE0A31B-7A9B-40E6-8648-365D018BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A9E54DB-5CB0-4289-B1A7-EA82494A8FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B2944B8-BFD1-4184-8E49-69385DD0C0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71ECC4C2-BF61-47C7-8435-BE71F1AD0A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A826A681-A706-4512-B863-1FEABFBCC677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79E7EF2-5615-4300-BC0D-865DBDC8B46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59EB6D6-2A74-4988-912C-97045647F1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EAB61F7-B5B4-47E8-8BFD-02F025358781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93D8CAB-0DF0-4A1D-B1A3-78FF892D04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7204792C-1506-4E95-92CD-098F760FC429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FC134C-08AB-4874-B31D-B08CDF4C2DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1649F910-F8B9-4AAD-9743-C37B8784A771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E211DC-D0D7-4527-AE87-231A19D58C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AABE5F-C942-45BB-86A9-C3F2E949D64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A04D314-F6EB-41B9-945A-D8428D86B655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3717DCFC-1336-45EC-919C-E1CD1B37DA2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC743273-AD4B-4A14-9C0C-23A865A640C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4875C452-2466-45F1-8923-00E5340D74D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B15EF2E-A114-4128-85F1-889EDC3F6C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07F4E00-F0BA-4821-B5B4-3C0E9D01AAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80E49B8-8BC4-4150-B86A-A5E474F4E598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6915A8F-05A1-4D39-BF53-0C3F4B155A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E92346D-B1A8-43F8-B2C1-E69A3301560B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F081AEF5-3F0F-4D58-8BBE-EDB9C569CAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "44840CC3-5720-4AF8-B508-67AB5E3E1CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F65519B-90F8-4A17-BA94-FDFDE5BF8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9641F4-846F-4FB0-BE40-F30972C87D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E21B53E-28C2-4930-88F3-3AADD1BF31B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2CAB1D-B5AB-42D2-8F35-52C6F64EC0FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71816D92-AC01-4F7D-A878-7280175BB422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D17CA5-2B63-4914-9DBF-5861F69B5238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D3B001F-0031-4BED-9A49-B9589EC9E5CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8CED8F4-22A6-4945-A21F-0D399BE661F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Rational Jazz Team Server (JTS), utilizado en Rational Collaborative Lifecycle Management 3.x y 4.x anterior a 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Quality Manager 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational Team Concert 2.x y 3.x anterior a 3.0.1.6 iFix5, 4.x anterior a 4.0.7 iFix4, y 5.x anterior a 5.0.2 iFix2; Rational DOORS Next Generation 4.x anterior a 4.0.7 iFix4 y 5.x anterior a 5.0.2 iFix2; Rational Requirements Composer 2.x y 3.x anterior a 3.0.1.6 iFix5; y otros productos, permite a usuarios remotos autenticados eliminar los paneles de control de usuarios arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-6129",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-03-18T10:59:00.073",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/148614VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10956525Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/148614VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_doors_next_generation *
ibm rational_engineering_lifecycle_manager *
ibm rational_quality_manager *
ibm rational_rhapsody_design_manager *
ibm rational_software_architect_design_manager *
ibm rational_team_concert *
ibm rhapsody_model_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6191DCC1-0B3D-4E9C-A344-F7B1BFFE2088",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F290FC9D-C447-48FC-9B1C-C6E70E547604",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "872DDF37-D4BB-42DB-A902-BFA2E5C4B458",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D478070E-E421-4987-8726-D8BD3C9B641C",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44C1F02-258A-49F2-A610-64F357F42AD5",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFD7DC9-CCC6-4276-87A6-34C72BBF5CDE",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8AC12E-E329-49BA-A0A4-E3228C1C0EA7",
              "versionEndIncluding": "6.0.6.1",
              "versionStartIncluding": "6.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614."
    },
    {
      "lang": "es",
      "value": "IBM Rational Collaborative Lifecycle Management 6.0 a 6.0.6.1 es vulnerable a los scripts entre sitios. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, por lo tanto, alterar la funcionalidad deseada que podr\u00eda llevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n segura. ID de IBM X-Force: 148614."
    }
  ],
  "id": "CVE-2018-1760",
  "lastModified": "2024-11-21T04:00:19.123",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-27T14:15:10.037",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148614"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-03-15 22:29
Modified
2024-11-21 02:36
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108296.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21982747Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/108296VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21982747Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/108296VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm rational_collaborative_lifecycle_management *
ibm rational_quality_manager *
ibm rational_quality_manager *
ibm rational_quality_manager 5.0
ibm rational_quality_manager 5.0.1
ibm rational_quality_manager 5.0.2
ibm rational_quality_manager 6.0
ibm rational_quality_manager 6.0.1
ibm rational_team_concert *
ibm rational_team_concert *
ibm rational_team_concert 5.0
ibm rational_team_concert 5.0.1
ibm rational_team_concert 5.0.2
ibm rational_team_concert 6.0
ibm rational_team_concert 6.0.1
ibm rational_requirements_composer *
ibm rational_requirements_composer *
ibm rational_doors_next_generation *
ibm rational_doors_next_generation 5.0
ibm rational_doors_next_generation 5.0.1
ibm rational_doors_next_generation 5.0.2
ibm rational_doors_next_generation 6.0.0
ibm rational_doors_next_generation 6.0.1
ibm rational_engineering_lifecycle_manager *
ibm rational_engineering_lifecycle_manager 5.0
ibm rational_engineering_lifecycle_manager 5.0.1
ibm rational_engineering_lifecycle_manager 5.0.2
ibm rational_engineering_lifecycle_manager 6.0
ibm rational_engineering_lifecycle_manager 6.0.1
ibm rational_rhapsody_design_manager *
ibm rational_rhapsody_design_manager 5.0
ibm rational_rhapsody_design_manager 5.0.1
ibm rational_rhapsody_design_manager 5.0.2
ibm rational_rhapsody_design_manager 6.0
ibm rational_rhapsody_design_manager 6.0.1
ibm rational_software_architect_design_manager *
ibm rational_software_architect_design_manager 5.0
ibm rational_software_architect_design_manager 5.0.1
ibm rational_software_architect_design_manager 5.0.2
ibm rational_software_architect_design_manager 6.0
ibm rational_software_architect_design_manager 6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5103D1D-DC6C-40CE-8092-5102E8F10A6E",
              "versionEndIncluding": "6.0.1",
              "versionStartIncluding": "3.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEF02561-E60D-4577-B4AB-D2085B3599F1",
              "versionEndIncluding": "3.0.1.6",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1C422A-3D5F-48B1-BC6E-954D1AFA34F9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D094EE5E-DF84-4922-A612-35CD4DC4D875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1186E8-2639-476F-802E-580D98F2E255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569ED1E-D61E-4F97-825B-2B20A1C03319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52984F5-4372-4D13-95B1-51F4DB19D425",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "748629D9-94EA-4A8C-84D9-16AD00442C05",
              "versionEndIncluding": "3.0.6",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CDEB94-002E-479A-A055-F3FD38D3AE41",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C385D-6C5B-4D5E-8628-6D80E8E54403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23C054AA-DA70-431C-A410-01671854C0D0",
              "versionEndIncluding": "3.0.1.6",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAE640E-7342-44B0-8C02-97EE71ECAD91",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B3D3092-A570-45DE-9CD4-72E01787D189",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2431038-D838-4AB0-B614-EDC1D4D203E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F32526-C148-4FCE-B32B-88A8F2BB3A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "749C6DAF-EF92-40DD-9CE8-535D1C5BB745",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA536CF-BF5F-42F1-8F7A-7850E4AC9319",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CE7D3E-BF02-44DA-ADAE-5CB0E22492AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ECD177-5310-44DA-A364-1077898C3A50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19611ED3-74F3-4124-A334-09A66A9274A9",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E654FB-BD17-4308-9CD0-163D8DA0BD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B9D0C8-2EB2-4209-8495-1B3B823D9A41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EF2E53-3618-4610-AC36-602584DB26EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D29F101-F08E-42A1-B7F2-1BD982F81221",
              "versionEndIncluding": "4.0.7",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9800CBFC-3169-42CA-BB36-22C34F222FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3E975D-3D7B-4DE3-B961-BA6D38329563",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108296."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-Site Scripting (XSS) en IBM Rational Collaborative Lifecycle Management (CLM) en versiones 3.0.1 anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1, 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x anteriores a 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x anteriores a 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6 y 4.0.7 anteriores a iFix10, 5.0.x anteriores a 5.0.2 iFix1 y 6.0.x anteriores a 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x anteriores a 4.0.7 iFix10, 5.0.x anteriores a 5.0.2 iFix15 y 6.0.x anteriores a 6.0.1 iFix4 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. IBM X-Force ID: 108296."
    }
  ],
  "id": "CVE-2015-7453",
  "lastModified": "2024-11-21T02:36:49.100",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-15T22:29:00.307",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108296"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}