Vulnerability-Lookup - Search a vulnerability

Version: 5.0.2

Version: 5.0
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:35:02.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100124",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100124"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-05T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "100124",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100124"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-07-20T00:00:00",
          "ID": "CVE-2016-8975",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100124",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100124"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006052",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-8975",
    "datePublished": "2017-07-24T21:00:00Z",
    "dateReserved": "2016-10-25T00:00:00",
    "dateUpdated": "2024-09-16T16:54:11.518Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3042 (GCVE-0-2013-3042)

Vulnerability from cvelistv5

Published

2013-12-14 22:00

Modified

2024-08-06 16:00

Severity ?

CWE

n/a

Summary

Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/84768	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg21655724	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:00:09.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "rhapsody-dm-cve20133042-server-dir-trav(84768)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "rhapsody-dm-cve20133042-server-dir-trav(84768)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-3042",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "rhapsody-dm-cve20133042-server-dir-trav(84768)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-3042",
    "datePublished": "2013-12-14T22:00:00",
    "dateReserved": "2013-04-12T00:00:00",
    "dateUpdated": "2024-08-06T16:00:09.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0948 (GCVE-0-2014-0948)

Vulnerability from cvelistv5

Published

2014-07-30 10:00

Modified

2024-08-06 09:34

Severity ?

CWE

n/a

Summary

Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

References

►

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=swg21678323	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/92621	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:34:40.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
          },
          {
            "name": "ibm-rsadm-cve20140948-zip(92621)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
        },
        {
          "name": "ibm-rsadm-cve20140948-zip(92621)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0948",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
            },
            {
              "name": "ibm-rsadm-cve20140948-zip(92621)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0948",
    "datePublished": "2014-07-30T10:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:34:40.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1287 (GCVE-0-2017-1287)

Vulnerability from cvelistv5

Published

2017-07-24 21:00

Modified

2024-09-16 17:17

Severity ?

CWE

Gain Access

Summary

IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/125148	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg22006052	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

►

Version: 5.0.2

Version: 5.0
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:28.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-24T20:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-07-20T00:00:00",
          "ID": "CVE-2017-1287",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006052",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1287",
    "datePublished": "2017-07-24T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T17:17:35.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4748 (GCVE-0-2019-4748)

Vulnerability from cvelistv5

Published

2020-07-16 15:05

Modified

2024-09-17 00:40

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C

CWE

Cross-Site Scripting

Summary

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.

References

►

URL

Tags

	https://www.ibm.com/support/pages/node/6249133	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/173174	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

►

Rational DOORS Next Generation

Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0

IBM	Engineering Workflow Management	Version: 7.0
IBM	Rational Quality Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational Rhapsody Design Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational Team Concert	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1 Version: 7.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:48.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6249133"
          },
          {
            "name": "ibm-jazz-cve20194748-xss (173174)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2020-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/PR:L/UI:R/C:L/I:L/AC:L/S:C/A:N/E:H/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-16T15:05:34",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6249133"
        },
        {
          "name": "ibm-jazz-cve20194748-xss (173174)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-07-15T00:00:00",
          "ID": "CVE-2019-4748",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6249133",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6249133 (Rational Collaborative Lifecycle Management)",
              "url": "https://www.ibm.com/support/pages/node/6249133"
            },
            {
              "name": "ibm-jazz-cve20194748-xss (173174)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4748",
    "datePublished": "2020-07-16T15:05:34.858701Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T00:40:48.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1249 (GCVE-0-2017-1249)

Vulnerability from cvelistv5

Published

2017-07-24 21:00

Modified

2024-09-17 01:01

Severity ?

CWE

Cross-Site Scripting

Summary

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

►

URL

Tags

	http://www.ibm.com/support/docview.wss?uid=swg22006052	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/124629	x_refsource_MISC

Impacted products

Vendor

Product

Version

►

Version: 5.0.2

Version: 5.0
Version: 5.0.1
Version: 6.0
Version: 6.0.1
Version: 6.0.2
Version: 6.0.3

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.509Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            }
          ]
        }
      ],
      "datePublic": "2017-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-24T20:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-07-20T00:00:00",
          "ID": "CVE-2017-1249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0"
                          },
                          {
                            "version_value": "5.0.1"
                          },
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "6.0.1"
                          },
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006052",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1249",
    "datePublished": "2017-07-24T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T01:01:34.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-20357 (GCVE-0-2021-20357)

Vulnerability from cvelistv5

Published

2021-01-27 16:15

Modified

2024-09-16 22:41

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C

CWE

Cross-Site Scripting

Summary

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.

References

►

URL

Tags

	https://www.ibm.com/support/pages/node/6408694	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/194963	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

►

Rational DOORS Next Generation

Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1
Version: 7.0

IBM	Rational Quality Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational Collaborative Lifecycle Management	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational Team Concert	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Engineering Test Management	Version: 7.0.0
IBM	Rational Rhapsody Design Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Engineering Lifecycle Optimization	Version: 7.0
IBM	Rational Rhapsody Model Manager	Version: 6.0.6 Version: 6.0.6.1 Version: 7.0 Version: 6.0.2
IBM	Engineering Workflow Management	Version: 7.0 Version: 7.0.2
IBM	Rational Engineering Lifecycle Manager	Version: 7.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:24.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6408694"
          },
          {
            "name": "ibm-gcm-cve202120357-xss (194963)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2021-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/PR:L/C:L/AV:N/AC:L/S:C/A:N/UI:R/I:L/RL:O/RC:C/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T16:15:28",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6408694"
        },
        {
          "name": "ibm-gcm-cve202120357-xss (194963)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-26T00:00:00",
          "ID": "CVE-2021-20357",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6408694",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-gcm-cve202120357-xss (194963)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20357",
    "datePublished": "2021-01-27T16:15:28.467865Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-16T22:41:31.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4524 (GCVE-0-2020-4524)

Vulnerability from cvelistv5

Published

2021-01-27 16:15

Modified

2024-09-16 19:09

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C

CWE

Cross-Site Scripting

Summary

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.

References

►

URL

Tags

	https://www.ibm.com/support/pages/node/6408694	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/182434	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

►

Rational Collaborative Lifecycle Management

Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1

IBM	Rational Team Concert	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational Quality Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational DOORS Next Generation	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1 Version: 7.0
IBM	Engineering Lifecycle Optimization	Version: 7.0
IBM	Rational Rhapsody Design Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Engineering Test Management	Version: 7.0.0
IBM	Rational Engineering Lifecycle Manager	Version: 7.0
IBM	Engineering Workflow Management	Version: 7.0 Version: 7.0.2
IBM	Rational Rhapsody Model Manager	Version: 6.0.6 Version: 6.0.6.1 Version: 7.0 Version: 6.0.2

Show details on NVD website

http://www-01.ibm.com/support/docview.wss?uid=swg21957763

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:49.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6408694"
          },
          {
            "name": "ibm-jazz-cve20204524-xss (182434)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/PR:L/C:L/AV:N/AC:L/A:N/UI:R/S:C/I:L/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T16:15:25",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6408694"
        },
        {
          "name": "ibm-jazz-cve20204524-xss (182434)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-26T00:00:00",
          "ID": "CVE-2020-4524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6408694",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-jazz-cve20204524-xss (182434)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4524",
    "datePublished": "2021-01-27T16:15:25.871778Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T19:09:56.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0112 (GCVE-0-2015-0112)

Vulnerability from cvelistv5

Published

2015-06-07 18:00

Modified

2024-08-06 03:55

Severity ?

CWE

n/a

Summary

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

►

URL

Tags

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:28.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-06-07T18:57:00",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0112",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0112",
    "datePublished": "2015-06-07T18:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T03:55:28.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4855 (GCVE-0-2020-4855)

Vulnerability from cvelistv5

Published

2021-01-27 16:15

Modified

2024-09-17 01:46

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C

CWE

Cross-Site Scripting

Summary

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.

References

►

URL

Tags

	https://www.ibm.com/support/pages/node/6408694	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/190457	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

►

Rational Collaborative Lifecycle Management

Version: 6.0.2
Version: 6.0.6
Version: 6.0.6.1

IBM	Rational Team Concert	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational Quality Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational DOORS Next Generation	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1 Version: 7.0
IBM	Engineering Lifecycle Optimization	Version: 7.0
IBM	Rational Rhapsody Design Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Engineering Test Management	Version: 7.0.0
IBM	Rational Engineering Lifecycle Manager	Version: 7.0
IBM	Engineering Workflow Management	Version: 7.0 Version: 7.0.2
IBM	Rational Rhapsody Model Manager	Version: 6.0.6 Version: 6.0.6.1 Version: 7.0 Version: 6.0.2

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6408694"
          },
          {
            "name": "ibm-engineering-cve20204855-xss (190457)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/A:N/UI:R/S:C/I:L/PR:L/C:L/AV:N/RC:C/RL:O/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T16:15:27",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6408694"
        },
        {
          "name": "ibm-engineering-cve20204855-xss (190457)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-26T00:00:00",
          "ID": "CVE-2020-4855",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6408694",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-engineering-cve20204855-xss (190457)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4855",
    "datePublished": "2021-01-27T16:15:27.177472Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T01:46:27.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5459 (GCVE-0-2013-5459)

Vulnerability from cvelistv5

Published

2014-04-21 22:00

Modified

2024-08-06 17:15

Severity ?

CWE

n/a

Summary

Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking.

References

►

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=swg21664531	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/84773	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531"
          },
          {
            "name": "ibm-rsa-cve20135459-integrity(84773)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84773"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531"
        },
        {
          "name": "ibm-rsa-cve20135459-integrity(84773)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84773"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-5459",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531"
            },
            {
              "name": "ibm-rsa-cve20135459-integrity(84773)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84773"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-5459",
    "datePublished": "2014-04-21T22:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4865 (GCVE-0-2020-4865)

Vulnerability from cvelistv5

Published

2021-01-27 16:15

Modified

2024-09-16 20:21

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C

CWE

Cross-Site Scripting

Summary

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.

References

►

URL

Tags

	https://www.ibm.com/support/pages/node/6408694	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/190741	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

►

Engineering Lifecycle Optimization

Version: 7.0

IBM	Rational Rhapsody Design Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Engineering Test Management	Version: 7.0.0
IBM	Rational Collaborative Lifecycle Management	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational Team Concert	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational Quality Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational DOORS Next Generation	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1 Version: 7.0
IBM	Rational Engineering Lifecycle Manager	Version: 7.0
IBM	Engineering Workflow Management	Version: 7.0 Version: 7.0.2
IBM	Rational Rhapsody Model Manager	Version: 6.0.6 Version: 6.0.6.1 Version: 7.0 Version: 6.0.2

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6408694"
          },
          {
            "name": "ibm-engineering-cve20204865-xss (190741)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        }
      ],
      "datePublic": "2021-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/PR:L/C:L/I:L/AC:L/S:C/UI:R/A:N/RL:O/RC:C/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T16:15:27",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6408694"
        },
        {
          "name": "ibm-engineering-cve20204865-xss (190741)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-26T00:00:00",
          "ID": "CVE-2020-4865",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6408694",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-engineering-cve20204865-xss (190741)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4865",
    "datePublished": "2021-01-27T16:15:27.819250Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T20:21:28.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4547 (GCVE-0-2020-4547)

Vulnerability from cvelistv5

Published

2021-01-27 16:15

Modified

2024-09-17 03:18

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

CWE

Gain Access

Summary

IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.

References

►

URL

Tags

	https://www.ibm.com/support/pages/node/6408694	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/183315	vdb-entry, x_refsource_XF

Impacted products

Vendor

Product

Version

►

Engineering Workflow Management

Version: 7.0
Version: 7.0.2

IBM	Rational Engineering Lifecycle Manager	Version: 7.0
IBM	Rational Rhapsody Model Manager	Version: 6.0.6 Version: 6.0.6.1 Version: 7.0 Version: 6.0.2
IBM	Engineering Lifecycle Optimization	Version: 7.0
IBM	Engineering Test Management	Version: 7.0.0
IBM	Rational Rhapsody Design Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational Quality Manager	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational Team Concert	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational Collaborative Lifecycle Management	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1
IBM	Rational DOORS Next Generation	Version: 6.0.2 Version: 6.0.6 Version: 6.0.6.1 Version: 7.0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:07:48.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6408694"
          },
          {
            "name": "ibm-jazz-cve20204547-clickjacking (183315)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Engineering Workflow Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            }
          ]
        },
        {
          "product": "Rational Engineering Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Model Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            }
          ]
        },
        {
          "product": "Engineering Lifecycle Optimization",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Engineering Test Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            }
          ]
        },
        {
          "product": "Rational Rhapsody Design Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Quality Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Team Concert",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational Collaborative Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            }
          ]
        },
        {
          "product": "Rational DOORS Next Generation",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.0.6"
            },
            {
              "status": "affected",
              "version": "6.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "datePublic": "2021-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/S:C/A:N/UI:R/AC:L/I:L/C:L/PR:L/AV:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T16:15:26",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6408694"
        },
        {
          "name": "ibm-jazz-cve20204547-clickjacking (183315)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-26T00:00:00",
          "ID": "CVE-2020-4547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Engineering Workflow Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "7.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Engineering Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Model Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "6.0.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Lifecycle Optimization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Engineering Test Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Rhapsody Design Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Quality Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Team Concert",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational Collaborative Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rational DOORS Next Generation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.2"
                          },
                          {
                            "version_value": "6.0.6"
                          },
                          {
                            "version_value": "6.0.6.1"
                          },
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6408694",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-jazz-cve20204547-clickjacking (183315)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4547",
    "datePublished": "2021-01-27T16:15:26.519672Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T03:18:48.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3043 (GCVE-0-2013-3043)

Vulnerability from cvelistv5

Published

2013-12-14 22:00

Modified

2024-08-06 16:00

Severity ?

CWE

n/a

Summary

Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/84769	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg21655724	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:00:09.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "rhapsody-dm-cve20133043-client-dir-trav(84769)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "rhapsody-dm-cve20133043-client-dir-trav(84769)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-3043",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "rhapsody-dm-cve20133043-client-dir-trav(84769)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-3043",
    "datePublished": "2013-12-14T22:00:00",
    "dateReserved": "2013-04-12T00:00:00",
    "dateUpdated": "2024-08-06T16:00:09.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd

Published

2021-01-27 17:15

Modified

2024-11-21 05:33

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/190457	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6408694	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/190457	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6408694	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	collaborative_lifecycle_management	6.0.2
ibm	collaborative_lifecycle_management	6.0.6
ibm	collaborative_lifecycle_management	6.0.6.1
ibm	engineering_insights	7.0
ibm	engineering_lifecycle_management	7.0
ibm	engineering_requirements_management_doors_next	6.0.2
ibm	engineering_requirements_management_doors_next	6.0.6
ibm	engineering_requirements_management_doors_next	6.0.6.1
ibm	engineering_requirements_management_doors_next	7.0
ibm	engineering_test_management	7.0.0
ibm	engineering_workflow_management	6.0.2
ibm	engineering_workflow_management	6.0.6
ibm	engineering_workflow_management	6.0.6.1
ibm	engineering_workflow_management	7.0
ibm	engineering_workflow_management	7.0.2
ibm	global_configuration_management	*
ibm	rational_engineering_lifecycle_manager	6.0.2
ibm	rational_engineering_lifecycle_manager	6.0.6
ibm	rational_engineering_lifecycle_manager	6.0.6.1
ibm	rational_quality_manager	6.0.2
ibm	rational_quality_manager	6.0.6
ibm	rational_quality_manager	6.0.6.1
ibm	rhapsody_design_manager	6.0.2
ibm	rhapsody_design_manager	6.0.6
ibm	rhapsody_design_manager	6.0.6.1
ibm	rhapsody_design_manager	7.0
ibm	rhapsody_model_manager	6.0.2
ibm	rhapsody_model_manager	6.0.6
ibm	rhapsody_model_manager	6.0.6.1
ibm	rhapsody_model_manager	7.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FE328F-EAED-41C4-B0E1-B1B824CE4D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3C3F43-9613-42DC-B20F-C136C70A98D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA5B410-20C9-4B68-87C1-C0ECA72041E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA73A7F-6455-40C1-BF2E-EA4832D788AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F487060D-11AE-4048-B26F-F35320646340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7ED890-DF29-4351-9569-C85482D079AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E773AC51-4CE1-4040-B568-EF17B025C4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation, son vulnerables a ataques de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 190457"
    }
  ],
  "id": "CVE-2020-4855",
  "lastModified": "2024-11-21T05:33:19.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-27T17:15:12.713",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-07-30 11:15

Modified

2025-04-12 10:46

Severity ?

Summary

Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21678323	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/92621
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21678323	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/92621

Impacted products

Vendor	Product	Version
ibm	rhapsody_design_manager	3.0.0
ibm	rhapsody_design_manager	3.0.0.1
ibm	rhapsody_design_manager	3.0.1
ibm	rhapsody_design_manager	4.0.0
ibm	rhapsody_design_manager	4.0.1
ibm	rhapsody_design_manager	4.0.2
ibm	rhapsody_design_manager	4.0.3
ibm	rhapsody_design_manager	4.0.4
ibm	rhapsody_design_manager	4.0.5
ibm	rhapsody_design_manager	4.0.6
ibm	rational_software_architect_design_manager	3.0.0
ibm	rational_software_architect_design_manager	3.0.0.1
ibm	rational_software_architect_design_manager	3.0.1
ibm	rational_software_architect_design_manager	4.0.0
ibm	rational_software_architect_design_manager	4.0.1
ibm	rational_software_architect_design_manager	4.0.2
ibm	rational_software_architect_design_manager	4.0.3
ibm	rational_software_architect_design_manager	4.0.4
ibm	rational_software_architect_design_manager	4.0.5
ibm	rational_software_architect_design_manager	4.0.6

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "528AE2DE-49A1-4E4B-9CF5-A3D0C30E47F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5334F84-3E99-47B7-808F-8BF26A98A755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0629DA-AD85-4FC2-8118-98E8CC94D1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4166464B-D163-4D94-AF3F-2504E109281E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A10011-CED4-45E0-B53E-72DD7B977746",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E1F8E-8B98-444E-9FE0-AC7CB508829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B67C8F-9FDF-490B-8173-01CAFE0D79C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "305F6730-1FA4-4256-9190-653302CDAA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42AF422E-1E9B-4A77-A65A-61BF01338554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EE7242E-4E09-43F7-BC2D-993465CE324B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FE2858-B570-444A-BEEB-6FF9CD84E394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en IBM Rational Software Architect Design Manager y Rational Rhapsody Design Manager 3.x y 4.x anterior a 4.0.7 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo ZIP manipulado."
    }
  ],
  "id": "CVE-2014-0948",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-30T11:15:33.333",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-07-24 21:29

Modified

2025-04-20 01:37

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22006052	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/100124
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/118912	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22006052	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100124
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/118912	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	rhapsody_design_manager	5.0
ibm	rhapsody_design_manager	5.0.1
ibm	rhapsody_design_manager	5.0.2
ibm	rhapsody_design_manager	6.0
ibm	rhapsody_design_manager	6.0.1
ibm	rhapsody_design_manager	6.0.2
ibm	rhapsody_design_manager	6.0.3

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9F8754-B1A3-4261-B879-8E02FADFE4FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "301BD8A0-35A8-4AEE-9D8F-28BC8E0C3FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84620B49-B887-4A87-A2EF-6E763AB4E9D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "094E765E-C844-4E35-9CDC-F291F7082C1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92322AD7-00B7-496B-9924-D8929E7BAAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8973E37A-6451-4FA0-A340-4E09E4F3D21C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912."
    },
    {
      "lang": "es",
      "value": "IBM Rhapsody DM versiones 5.0 y 6.0, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la Web UI, por lo tanto, alterar la funcionalidad deseada que podr\u00eda conllevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 118912."
    }
  ],
  "id": "CVE-2016-8975",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-24T21:29:00.237",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/100124"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/100124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-07-16 15:15

Modified

2024-11-21 04:44

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/173174	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6249133	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/173174	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6249133	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	collaborative_lifecycle_management	6.0.2
ibm	collaborative_lifecycle_management	6.0.6
ibm	collaborative_lifecycle_management	6.0.6.1
ibm	doors_next	7.0
ibm	engineering_lifecycle_manager	7.0
ibm	engineering_test_management	7.0
ibm	engineering_workflow_management	7.0
ibm	rational_doors_next_generation	6.0.2
ibm	rational_doors_next_generation	6.0.6
ibm	rational_doors_next_generation	6.0.6.1
ibm	rational_quality_manager	6.0.2
ibm	rational_quality_manager	6.0.6
ibm	rational_quality_manager	6.0.6.1
ibm	rational_team_concert	6.0.2
ibm	rational_team_concert	6.0.6
ibm	rational_team_concert	6.0.6.1
ibm	reference_data_management	7.0
ibm	rhapsody_design_manager	6.0.2
ibm	rhapsody_design_manager	6.0.6
ibm	rhapsody_design_manager	6.0.6.1

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF77DC36-1B53-437D-B3D7-7FED92E967DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "326E20D6-6F12-45F8-B005-3F6575E75EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1295F19A-0532-46D8-868E-83ABE5BF08E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB9C2-4A39-4C21-B00B-3ABF4EE9805E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90791CAA-18B0-4A3F-A8FA-26E3C95E7852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "170BA44A-DF05-41C4-92DA-A0E8544AED25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "380BB05E-6ADE-4A45-897D-9AA16E3408D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FA2148-90A1-437D-8AD6-F626705FC780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6288A2-92B2-49EA-B5A7-9BB210BE93CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:reference_data_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C081789-7184-4010-8D6C-0791658108B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F487060D-11AE-4048-B26F-F35320646340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7ED890-DF29-4351-9569-C85482D079AE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174."
    },
    {
      "lang": "es",
      "value": "IBM Jazz Team Server basadas en Applications es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.  IBM X-Force ID: 173174"
    }
  ],
  "id": "CVE-2019-4748",
  "lastModified": "2024-11-21T04:44:05.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-16T15:15:27.750",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6249133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6249133"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-07-24 21:29

Modified

2025-04-20 01:37

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22006052	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/125148	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22006052	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/125148	VDB Entry

Impacted products

Vendor	Product	Version
ibm	rhapsody_design_manager	5.0
ibm	rhapsody_design_manager	5.0.1
ibm	rhapsody_design_manager	5.0.2
ibm	rhapsody_design_manager	6.0
ibm	rhapsody_design_manager	6.0.1
ibm	rhapsody_design_manager	6.0.2
ibm	rhapsody_design_manager	6.0.3

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9F8754-B1A3-4261-B879-8E02FADFE4FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "301BD8A0-35A8-4AEE-9D8F-28BC8E0C3FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84620B49-B887-4A87-A2EF-6E763AB4E9D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "094E765E-C844-4E35-9CDC-F291F7082C1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92322AD7-00B7-496B-9924-D8929E7BAAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8973E37A-6451-4FA0-A340-4E09E4F3D21C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
    },
    {
      "lang": "es",
      "value": "IBM Rhapsody DM en sus versiones 5.0 y 6.0 podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima."
    }
  ],
  "id": "CVE-2017-1287",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-24T21:29:00.330",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-07-24 21:29

Modified

2025-04-20 01:37

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22006052	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/124629	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22006052	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/124629	VDB Entry

Impacted products

Vendor	Product	Version
ibm	rhapsody_design_manager	5.0
ibm	rhapsody_design_manager	5.0.1
ibm	rhapsody_design_manager	5.0.2
ibm	rhapsody_design_manager	6.0
ibm	rhapsody_design_manager	6.0.1
ibm	rhapsody_design_manager	6.0.2
ibm	rhapsody_design_manager	6.0.3

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9F8754-B1A3-4261-B879-8E02FADFE4FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "301BD8A0-35A8-4AEE-9D8F-28BC8E0C3FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84620B49-B887-4A87-A2EF-6E763AB4E9D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "094E765E-C844-4E35-9CDC-F291F7082C1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92322AD7-00B7-496B-9924-D8929E7BAAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8973E37A-6451-4FA0-A340-4E09E4F3D21C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM Rhapsody DM 5.0 y 6.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2017-1249",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-24T21:29:00.297",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-12-14 22:55

Modified

2025-04-11 00:51

Severity ?

Summary

Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21655724	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/84769
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21655724	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/84769

Impacted products

Vendor	Product	Version
ibm	rational_software_architect_design_manager	3.0.0
ibm	rational_software_architect_design_manager	3.0.0.1
ibm	rational_software_architect_design_manager	3.0.1
ibm	rational_software_architect_design_manager	4.0.0
ibm	rational_software_architect_design_manager	4.0.1
ibm	rational_software_architect_design_manager	4.0.2
ibm	rational_software_architect_design_manager	4.0.3
ibm	rational_software_architect_design_manager	4.0.4
ibm	rhapsody_design_manager	3.0.0
ibm	rhapsody_design_manager	3.0.0.1
ibm	rhapsody_design_manager	3.0.1
ibm	rhapsody_design_manager	4.0.0
ibm	rhapsody_design_manager	4.0.1
ibm	rhapsody_design_manager	4.0.2
ibm	rhapsody_design_manager	4.0.3
ibm	rhapsody_design_manager	4.0.4

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FE2858-B570-444A-BEEB-6FF9CD84E394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "528AE2DE-49A1-4E4B-9CF5-A3D0C30E47F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5334F84-3E99-47B7-808F-8BF26A98A755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0629DA-AD85-4FC2-8118-98E8CC94D1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4166464B-D163-4D94-AF3F-2504E109281E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A10011-CED4-45E0-B53E-72DD7B977746",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E1F8E-8B98-444E-9FE0-AC7CB508829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B67C8F-9FDF-490B-8173-01CAFE0D79C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "305F6730-1FA4-4256-9190-653302CDAA9D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de recorrido de directorios en el cliente de IBM Rational Software Architect Manager y Rhapsody Design Manager 3.x y 4.x (anteriores a 4.0.5) permite a usuarios locales leer archivos de forma arbitraria a trav\u00e9s de vectores que involucran archivos temporales."
    }
  ],
  "id": "CVE-2013-3043",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-14T22:55:02.770",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-06-07 18:59

Modified

2025-04-12 10:46

Severity ?

Summary

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

▶	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21957763	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21957763	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	rational_requirements_composer	2.0
ibm	rational_requirements_composer	2.0.0.1
ibm	rational_requirements_composer	2.0.0.2
ibm	rational_requirements_composer	2.0.0.3
ibm	rational_requirements_composer	2.0.0.4
ibm	rational_requirements_composer	3.0
ibm	rational_requirements_composer	3.0.1
ibm	rational_requirements_composer	3.0.1.1
ibm	rational_requirements_composer	3.0.1.2
ibm	rational_requirements_composer	3.0.1.3
ibm	rational_requirements_composer	3.0.1.4
ibm	rational_requirements_composer	3.0.1.5
ibm	rational_requirements_composer	3.0.1.6
ibm	rational_requirements_composer	3.5
ibm	rational_requirements_composer	4.0
ibm	rational_requirements_composer	4.0.0
ibm	rational_requirements_composer	4.0.0.1
ibm	rational_requirements_composer	4.0.0.2
ibm	rational_requirements_composer	4.0.1
ibm	rational_requirements_composer	4.0.2
ibm	rational_requirements_composer	4.0.3
ibm	rational_requirements_composer	4.0.4
ibm	rational_requirements_composer	4.0.5
ibm	rational_requirements_composer	4.0.6
ibm	rational_requirements_composer	4.0.7
ibm	rhapsody_design_manager	3.0.0
ibm	rhapsody_design_manager	3.0.0.1
ibm	rhapsody_design_manager	3.0.1
ibm	rhapsody_design_manager	4.0.0
ibm	rhapsody_design_manager	4.0.1
ibm	rhapsody_design_manager	4.0.2
ibm	rhapsody_design_manager	4.0.3
ibm	rhapsody_design_manager	4.0.4
ibm	rhapsody_design_manager	4.0.5
ibm	rhapsody_design_manager	4.0.6
ibm	rhapsody_design_manager	4.0.7
ibm	rhapsody_design_manager	5.0
ibm	rhapsody_design_manager	5.0.2
ibm	rational_requirements_composer	2.0
ibm	rational_requirements_composer	2.0.0.1
ibm	rational_requirements_composer	2.0.0.2
ibm	rational_requirements_composer	2.0.0.3
ibm	rational_requirements_composer	2.0.0.4
ibm	rational_requirements_composer	3.0
ibm	rational_requirements_composer	3.0.1
ibm	rational_requirements_composer	3.0.1.1
ibm	rational_requirements_composer	3.0.1.2
ibm	rational_requirements_composer	3.0.1.3
ibm	rational_requirements_composer	3.0.1.4
ibm	rational_requirements_composer	3.0.1.5
ibm	rational_requirements_composer	3.0.1.6
ibm	rational_requirements_composer	3.5
ibm	rational_requirements_composer	4.0
ibm	rational_requirements_composer	4.0.0
ibm	rational_requirements_composer	4.0.0.1
ibm	rational_requirements_composer	4.0.0.2
ibm	rational_requirements_composer	4.0.1
ibm	rational_requirements_composer	4.0.2
ibm	rational_requirements_composer	4.0.3
ibm	rational_requirements_composer	4.0.4
ibm	rational_requirements_composer	4.0.5
ibm	rational_requirements_composer	4.0.6
ibm	rational_requirements_composer	4.0.7
ibm	rational_team_concert	2.0
ibm	rational_team_concert	2.0.0.1
ibm	rational_team_concert	2.0.0.2
ibm	rational_team_concert	3.0
ibm	rational_team_concert	3.0.1
ibm	rational_team_concert	3.0.1.1
ibm	rational_team_concert	3.0.1.2
ibm	rational_team_concert	3.0.1.3
ibm	rational_team_concert	3.0.1.4
ibm	rational_team_concert	3.0.1.5
ibm	rational_team_concert	3.0.1.6
ibm	rational_team_concert	4.0
ibm	rational_team_concert	4.0.0.1
ibm	rational_team_concert	4.0.0.2
ibm	rational_team_concert	4.0.1
ibm	rational_team_concert	4.0.2
ibm	rational_team_concert	4.0.3
ibm	rational_team_concert	4.0.4
ibm	rational_team_concert	4.0.5
ibm	rational_team_concert	4.0.6
ibm	rational_team_concert	4.0.7
ibm	rational_team_concert	5.0.0
ibm	rational_team_concert	5.0.1
ibm	rational_team_concert	5.0.2
ibm	rational_quality_manager	2.0
ibm	rational_quality_manager	2.0.0.1
ibm	rational_quality_manager	2.0.0.2
ibm	rational_quality_manager	2.0.1
ibm	rational_quality_manager	3.0
ibm	rational_quality_manager	3.0.1
ibm	rational_quality_manager	3.0.1.1
ibm	rational_quality_manager	3.0.1.2
ibm	rational_quality_manager	3.0.1.3
ibm	rational_quality_manager	3.0.1.4
ibm	rational_quality_manager	3.0.1.5
ibm	rational_quality_manager	3.0.1.6
ibm	rational_quality_manager	4.0
ibm	rational_quality_manager	4.0.0.1
ibm	rational_quality_manager	4.0.0.2
ibm	rational_quality_manager	4.0.1
ibm	rational_quality_manager	4.0.2
ibm	rational_quality_manager	4.0.3
ibm	rational_quality_manager	4.0.4
ibm	rational_quality_manager	4.0.5
ibm	rational_quality_manager	4.0.7
ibm	rational_quality_manager	5.0.0
ibm	rational_quality_manager	5.0.2
ibm	rational_software_architect_design_manager	3.0.0
ibm	rational_software_architect_design_manager	3.0.0.1
ibm	rational_software_architect_design_manager	3.0.1
ibm	rational_software_architect_design_manager	4.0.0
ibm	rational_software_architect_design_manager	4.0.1
ibm	rational_software_architect_design_manager	4.0.2
ibm	rational_software_architect_design_manager	4.0.3
ibm	rational_software_architect_design_manager	4.0.4
ibm	rational_software_architect_design_manager	4.0.5
ibm	rational_software_architect_design_manager	4.0.6
ibm	rational_software_architect_design_manager	4.0.7
ibm	rational_software_architect_design_manager	5.0.1
ibm	rational_software_architect_design_manager	5.0.2
ibm	rational_collaborative_lifecycle_management	3.0.1
ibm	rational_collaborative_lifecycle_management	3.0.1.1
ibm	rational_collaborative_lifecycle_management	3.0.1.2
ibm	rational_collaborative_lifecycle_management	3.0.1.3
ibm	rational_collaborative_lifecycle_management	3.0.1.4
ibm	rational_collaborative_lifecycle_management	3.0.1.5
ibm	rational_collaborative_lifecycle_management	3.0.1.6
ibm	rational_collaborative_lifecycle_management	4.0.0
ibm	rational_collaborative_lifecycle_management	4.0.1
ibm	rational_collaborative_lifecycle_management	4.0.2
ibm	rational_collaborative_lifecycle_management	4.0.3
ibm	rational_collaborative_lifecycle_management	4.0.4
ibm	rational_collaborative_lifecycle_management	4.0.5
ibm	rational_collaborative_lifecycle_management	4.0.6
ibm	rational_collaborative_lifecycle_management	4.0.7
ibm	rational_collaborative_lifecycle_management	5.0.0
ibm	rational_collaborative_lifecycle_management	5.0.1
ibm	rational_collaborative_lifecycle_management	5.0.2
ibm	rational_doors_next_generation	4.0.0
ibm	rational_doors_next_generation	4.0.1
ibm	rational_doors_next_generation	4.0.2
ibm	rational_doors_next_generation	4.0.3
ibm	rational_doors_next_generation	4.0.4
ibm	rational_doors_next_generation	4.0.5
ibm	rational_doors_next_generation	4.0.6
ibm	rational_doors_next_generation	4.0.7
ibm	rational_doors_next_generation	5.0.1
ibm	rational_doors_next_generation	5.0.2
ibm	rational_engineering_lifecycle_manager	1.0
ibm	rational_engineering_lifecycle_manager	1.0.0.1
ibm	rational_engineering_lifecycle_manager	4.0.3
ibm	rational_engineering_lifecycle_manager	4.0.4
ibm	rational_engineering_lifecycle_manager	4.0.5
ibm	rational_engineering_lifecycle_manager	4.0.6
ibm	rational_engineering_lifecycle_manager	4.0.7
ibm	rational_engineering_lifecycle_manager	5.0.1
ibm	rational_engineering_lifecycle_manager	5.0.2

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E211DC-D0D7-4527-AE87-231A19D58C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AABE5F-C942-45BB-86A9-C3F2E949D64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A04D314-F6EB-41B9-945A-D8428D86B655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3717DCFC-1336-45EC-919C-E1CD1B37DA2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC743273-AD4B-4A14-9C0C-23A865A640C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0795E4AC-CFB9-447A-BDB0-7C7AA3799CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3894CB-8DF7-4011-B47F-36485A2A6E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6342F6-709A-4043-A879-57E9C7232C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDFA1C-9C07-4744-95F9-93A2332E2F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D8C43B-C109-44E1-868F-7DC1289D9BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "528AE2DE-49A1-4E4B-9CF5-A3D0C30E47F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5334F84-3E99-47B7-808F-8BF26A98A755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0629DA-AD85-4FC2-8118-98E8CC94D1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4166464B-D163-4D94-AF3F-2504E109281E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A10011-CED4-45E0-B53E-72DD7B977746",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E1F8E-8B98-444E-9FE0-AC7CB508829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B67C8F-9FDF-490B-8173-01CAFE0D79C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "305F6730-1FA4-4256-9190-653302CDAA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42AF422E-1E9B-4A77-A65A-61BF01338554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EE7242E-4E09-43F7-BC2D-993465CE324B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F0D2BD8-3DD8-4DAD-BDDF-6F5D8C73AA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9F8754-B1A3-4261-B879-8E02FADFE4FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84620B49-B887-4A87-A2EF-6E763AB4E9D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E211DC-D0D7-4527-AE87-231A19D58C6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AABE5F-C942-45BB-86A9-C3F2E949D64E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A04D314-F6EB-41B9-945A-D8428D86B655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3717DCFC-1336-45EC-919C-E1CD1B37DA2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC743273-AD4B-4A14-9C0C-23A865A640C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0795E4AC-CFB9-447A-BDB0-7C7AA3799CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D3894CB-8DF7-4011-B47F-36485A2A6E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6342F6-709A-4043-A879-57E9C7232C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDFA1C-9C07-4744-95F9-93A2332E2F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D8C43B-C109-44E1-868F-7DC1289D9BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A84EA62-E3F8-4E4C-9FEF-065300C4611A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232D8EF-1DB3-477D-818C-B79B68406197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8158D2-ECB0-4F89-BE73-568CA213D9B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D0173BE-F9DE-4566-B060-095203FAACA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4875C452-2466-45F1-8923-00E5340D74D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B15EF2E-A114-4128-85F1-889EDC3F6C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07F4E00-F0BA-4821-B5B4-3C0E9D01AAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80E49B8-8BC4-4150-B86A-A5E474F4E598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6915A8F-05A1-4D39-BF53-0C3F4B155A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E92346D-B1A8-43F8-B2C1-E69A3301560B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F081AEF5-3F0F-4D58-8BBE-EDB9C569CAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "44840CC3-5720-4AF8-B508-67AB5E3E1CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F65519B-90F8-4A17-BA94-FDFDE5BF8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D790D42-7B73-40A6-BF0E-630099FB97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABBECCB-F0B9-4D45-9372-6F313F841FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE6472E-AC94-431C-B8EA-8A3ED1828E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DAFF35-BD11-4EED-8B79-E99AE8A0E620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDFE57E-7905-4DC8-93FC-CAE5BC070790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEC305-F98D-45F4-B149-1188744DE408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E837B6AB-B8FF-413E-8DE9-EE61F6113ED1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE0A31B-7A9B-40E6-8648-365D018BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A9E54DB-5CB0-4289-B1A7-EA82494A8FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B2944B8-BFD1-4184-8E49-69385DD0C0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71ECC4C2-BF61-47C7-8435-BE71F1AD0A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79E7EF2-5615-4300-BC0D-865DBDC8B46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59EB6D6-2A74-4988-912C-97045647F1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EAB61F7-B5B4-47E8-8BFD-02F025358781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93D8CAB-0DF0-4A1D-B1A3-78FF892D04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7204792C-1506-4E95-92CD-098F760FC429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FC134C-08AB-4874-B31D-B08CDF4C2DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1649F910-F8B9-4AAD-9743-C37B8784A771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15D55E2-D1C2-4934-8C51-2DA2778ADF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B31F581-9E7A-4882-A915-FE4784FDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1E396E-905A-4CE3-8AEB-12BFBE679B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E998F-416E-4E1F-BF85-606224B468CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FE2858-B570-444A-BEEB-6FF9CD84E394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C416F89-7E5E-4FE7-A532-F13843AA1771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36DDB50-CF31-4B3C-AE49-99A3AFBC0791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFDE569-8BE3-4CFD-8228-FF785B004068",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E21B53E-28C2-4930-88F3-3AADD1BF31B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2CAB1D-B5AB-42D2-8F35-52C6F64EC0FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71816D92-AC01-4F7D-A878-7280175BB422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D17CA5-2B63-4914-9DBF-5861F69B5238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D3B001F-0031-4BED-9A49-B9589EC9E5CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8CED8F4-22A6-4945-A21F-0D399BE661F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA0B68-62BE-45B5-A359-1F922BEA587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C66DD3-20D9-4B47-AFA4-0BA789A973FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F4A9A99-C26E-4476-934E-24AADFBDB8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73A4517-CA0C-4C11-BD22-47F53DFBD7B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22AC9CB-44C3-43E1-B29A-3D06A421E51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998570-6EFF-436C-9297-601B17A31788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D944BB64-73C5-402C-9D14-077B8FC9DB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A32DF4D-B68E-4C3E-AF20-05C80B26461A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B877D86-6ABE-43E8-A681-0C937C779388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "817714F1-B68E-41DB-A4FC-34FD5518B9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0477D24-56F7-46A2-A08A-C20A90E6E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0514FAC-52CE-41F6-B255-E2D83E71F3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA25E78-52E0-4B5E-AECC-0F24C827F3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "746190AA-6D21-446F-80F5-4C98F5BF74A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08125E1B-FE2B-436C-A69F-067BC1B5C542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BC49A-4D59-47AE-B2D2-13B6719B0932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AE1241-9998-4F5D-862A-52CE40DB24C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B30003D-1BF8-414D-9D6D-9D1B90D4EBB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B5AC6B-5DCB-458C-8267-6AF5CC9C3E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C380E168-9045-4BF3-A485-2943B2FDE44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5917861D-85E7-45F6-9150-BD6F2E272832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90570EDF-C0A3-4AF5-9763-2D6473762A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "608625CE-F543-4DCA-A3F9-70A35ECD1550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E8B81FD-2288-4DD3-9AAC-76016FFA2D30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "Jazz Team Server en Jazz Foundation en  Rational Collaborative Lifecycle Management (CLM) de IBM versi\u00f3n 3.0.1, versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Quality Manager (RQM) versiones  2.0 hasta 2.0.1, versiones 3.0 hasta 3.0.1.6, versiones 4.0 hasta 4.0.7, y versiones  5.0 hasta 5.0.2; Rational Team Concert (RTC) versiones 2.0 hasta 2.0.0.2, versiones 3.x y anteriores a 3.0.1.6 IF6, versiones 4.x y anteriores a 4.0.7 IF5, y versiones 5.x y anteriores a 5.0.2 IF4; Rational Requirements Composer (RRC) versiones 2.0 hasta 2.0.0.4, versiones 3.x y anteriores a 3.0.1.6 IF6, y versiones 4.0 hasta 4.0.7; Rational DOORS Next Generation (RDNG) versiones 4.x y anteriores a 4.0.7 IF5 y versiones 5.x y anteriores a 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) versiones 1.0 hasta 1.0.0.1, versiones 4.0.3 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; Rational Rhapsody Design Manager (DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2; y Rational Software Architect Design Manager (RSA DM) versiones 3.0 hasta 3.0.1, versiones 4.0 hasta 4.0.7, y versiones 5.0 hasta 5.0.2, permite a los usuarios autenticados remotos leer archivos arbitrarios por medio de una declaraci\u00f3n de  tipo XML external entity en conjunto con una referencia de entidad, relacionada con un problema de tipo XML External Entity (XXE)."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
  "id": "CVE-2015-0112",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-07T18:59:03.470",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-27 17:15

Modified

2024-11-21 05:32

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/182434	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6408694	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/182434	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6408694	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	collaborative_lifecycle_management	6.0.2
ibm	collaborative_lifecycle_management	6.0.6
ibm	collaborative_lifecycle_management	6.0.6.1
ibm	engineering_insights	7.0
ibm	engineering_lifecycle_management	7.0
ibm	engineering_requirements_management_doors_next	6.0.2
ibm	engineering_requirements_management_doors_next	6.0.6
ibm	engineering_requirements_management_doors_next	6.0.6.1
ibm	engineering_requirements_management_doors_next	7.0
ibm	engineering_test_management	7.0.0
ibm	engineering_workflow_management	6.0.2
ibm	engineering_workflow_management	6.0.6
ibm	engineering_workflow_management	6.0.6.1
ibm	engineering_workflow_management	7.0
ibm	engineering_workflow_management	7.0.2
ibm	global_configuration_management	*
ibm	rational_engineering_lifecycle_manager	6.0.2
ibm	rational_engineering_lifecycle_manager	6.0.6
ibm	rational_engineering_lifecycle_manager	6.0.6.1
ibm	rational_quality_manager	6.0.2
ibm	rational_quality_manager	6.0.6
ibm	rational_quality_manager	6.0.6.1
ibm	rhapsody_design_manager	6.0.2
ibm	rhapsody_design_manager	6.0.6
ibm	rhapsody_design_manager	6.0.6.1
ibm	rhapsody_design_manager	7.0
ibm	rhapsody_model_manager	6.0.2
ibm	rhapsody_model_manager	6.0.6
ibm	rhapsody_model_manager	6.0.6.1
ibm	rhapsody_model_manager	7.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FE328F-EAED-41C4-B0E1-B1B824CE4D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3C3F43-9613-42DC-B20F-C136C70A98D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA5B410-20C9-4B68-87C1-C0ECA72041E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA73A7F-6455-40C1-BF2E-EA4832D788AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F487060D-11AE-4048-B26F-F35320646340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7ED890-DF29-4351-9569-C85482D079AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E773AC51-4CE1-4040-B568-EF17B025C4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation, son vulnerables a ataques de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 182434"
    }
  ],
  "id": "CVE-2020-4524",
  "lastModified": "2024-11-21T05:32:50.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-27T17:15:11.057",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-27 17:15

Modified

2024-11-21 05:32

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/183315	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6408694	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/183315	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6408694	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	collaborative_lifecycle_management	6.0.2
ibm	collaborative_lifecycle_management	6.0.6
ibm	collaborative_lifecycle_management	6.0.6.1
ibm	engineering_insights	7.0
ibm	engineering_lifecycle_management	7.0
ibm	engineering_requirements_management_doors_next	6.0.2
ibm	engineering_requirements_management_doors_next	6.0.6
ibm	engineering_requirements_management_doors_next	6.0.6.1
ibm	engineering_requirements_management_doors_next	7.0
ibm	engineering_test_management	7.0.0
ibm	engineering_workflow_management	6.0.2
ibm	engineering_workflow_management	6.0.6
ibm	engineering_workflow_management	6.0.6.1
ibm	engineering_workflow_management	7.0
ibm	engineering_workflow_management	7.0.2
ibm	global_configuration_management	*
ibm	rational_engineering_lifecycle_manager	6.0.2
ibm	rational_engineering_lifecycle_manager	6.0.6
ibm	rational_engineering_lifecycle_manager	6.0.6.1
ibm	rational_quality_manager	6.0.2
ibm	rational_quality_manager	6.0.6
ibm	rational_quality_manager	6.0.6.1
ibm	rhapsody_design_manager	6.0.2
ibm	rhapsody_design_manager	6.0.6
ibm	rhapsody_design_manager	6.0.6.1
ibm	rhapsody_design_manager	7.0
ibm	rhapsody_model_manager	6.0.2
ibm	rhapsody_model_manager	6.0.6
ibm	rhapsody_model_manager	6.0.6.1
ibm	rhapsody_model_manager	7.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FE328F-EAED-41C4-B0E1-B1B824CE4D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3C3F43-9613-42DC-B20F-C136C70A98D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA5B410-20C9-4B68-87C1-C0ECA72041E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA73A7F-6455-40C1-BF2E-EA4832D788AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F487060D-11AE-4048-B26F-F35320646340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7ED890-DF29-4351-9569-C85482D079AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E773AC51-4CE1-4040-B568-EF17B025C4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation, podr\u00edan permitir a un atacante remoto secuestrar la acci\u00f3n de clic de la v\u00edctima.\u0026#xa0;Al persuadir a una v\u00edctima para visitar un sitio web malicioso, un atacante remoto podr\u00eda explotar esta vulnerabilidad para secuestrar las acciones de clic de la v\u00edctima y posiblemente iniciar nuevos ataques contra la v\u00edctima.\u0026#xa0;IBM X-Force ID: 183315"
    }
  ],
  "id": "CVE-2020-4547",
  "lastModified": "2024-11-21T05:32:52.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-27T17:15:11.323",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1021"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-27 17:15

Modified

2024-11-21 05:33

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/190741	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6408694	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/190741	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6408694	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	collaborative_lifecycle_management	6.0.2
ibm	collaborative_lifecycle_management	6.0.6
ibm	collaborative_lifecycle_management	6.0.6.1
ibm	engineering_insights	7.0
ibm	engineering_lifecycle_management	7.0
ibm	engineering_requirements_management_doors_next	6.0.2
ibm	engineering_requirements_management_doors_next	6.0.6
ibm	engineering_requirements_management_doors_next	6.0.6.1
ibm	engineering_requirements_management_doors_next	7.0
ibm	engineering_test_management	7.0.0
ibm	engineering_workflow_management	6.0.2
ibm	engineering_workflow_management	6.0.6
ibm	engineering_workflow_management	6.0.6.1
ibm	engineering_workflow_management	7.0
ibm	engineering_workflow_management	7.0.2
ibm	global_configuration_management	*
ibm	rational_engineering_lifecycle_manager	6.0.2
ibm	rational_engineering_lifecycle_manager	6.0.6
ibm	rational_engineering_lifecycle_manager	6.0.6.1
ibm	rational_quality_manager	6.0.2
ibm	rational_quality_manager	6.0.6
ibm	rational_quality_manager	6.0.6.1
ibm	rhapsody_design_manager	6.0.2
ibm	rhapsody_design_manager	6.0.6
ibm	rhapsody_design_manager	6.0.6.1
ibm	rhapsody_design_manager	7.0
ibm	rhapsody_model_manager	6.0.2
ibm	rhapsody_model_manager	6.0.6
ibm	rhapsody_model_manager	6.0.6.1
ibm	rhapsody_model_manager	7.0

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D8E27B-1B01-4EBE-A28B-31CFB5CB3D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_insights:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C056314-C5ED-4CCA-B01E-34B3DA7AF6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7A8206-BB16-4559-A672-54C80FE1F32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC36ADE-3058-4210-8C8D-5B4E458FAB8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3093272-25CB-4478-9729-CD2E4710361A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FE328F-EAED-41C4-B0E1-B1B824CE4D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_test_management:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72DED9-4D72-4AC9-962A-BC73A324A9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3C3F43-9613-42DC-B20F-C136C70A98D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA5B410-20C9-4B68-87C1-C0ECA72041E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA73A7F-6455-40C1-BF2E-EA4832D788AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C61454F-7B98-4A67-B2E2-E0146F1F43D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5C3FDC-DD05-423A-8A14-8372C9741D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:global_configuration_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1498109-7634-4258-B0EE-CA8A97334441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F242460-F1F6-4D37-8817-4F6040FB5F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "07056A3E-E464-4E08-8BEC-0801E851236C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31B4E66-AA82-4EB4-A6D7-6BEEEBC86E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED82318-CB9F-4EC4-BABF-1F473B3AA799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4E17CB-517F-4976-BBBC-3CD0188710E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E698C1B9-529C-42A1-9C8D-8088A2C1FC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "838DE085-54BB-4726-9E6F-FAF26EDFE539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F487060D-11AE-4048-B26F-F35320646340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7ED890-DF29-4351-9569-C85482D079AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E773AC51-4CE1-4040-B568-EF17B025C4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "854EB28F-E803-4FBF-86A0-3D9B59B21E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30966CBA-B11A-446A-81C4-D382BC130CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:6.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EAF6B9-0892-4B1B-A424-6E2C2C1D0142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_model_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59FAE57-7A98-4C2E-8C15-66D71631A523",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741."
    },
    {
      "lang": "es",
      "value": "Los productos de IBM Jazz Foundation, son vulnerables a ataques de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 190741"
    }
  ],
  "id": "CVE-2020-4865",
  "lastModified": "2024-11-21T05:33:20.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-27T17:15:13.027",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6408694"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-12-14 22:55

Modified

2025-04-11 00:51

Severity ?

Summary

Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21655724	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/84768
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21655724	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/84768

Impacted products

Vendor	Product	Version
ibm	rational_software_architect_design_manager	3.0.0
ibm	rational_software_architect_design_manager	3.0.0.1
ibm	rational_software_architect_design_manager	3.0.1
ibm	rational_software_architect_design_manager	4.0.0
ibm	rational_software_architect_design_manager	4.0.1
ibm	rational_software_architect_design_manager	4.0.2
ibm	rational_software_architect_design_manager	4.0.3
ibm	rational_software_architect_design_manager	4.0.4
ibm	rhapsody_design_manager	3.0.0
ibm	rhapsody_design_manager	3.0.0.1
ibm	rhapsody_design_manager	3.0.1
ibm	rhapsody_design_manager	4.0.0
ibm	rhapsody_design_manager	4.0.1
ibm	rhapsody_design_manager	4.0.2
ibm	rhapsody_design_manager	4.0.3
ibm	rhapsody_design_manager	4.0.4

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FE2858-B570-444A-BEEB-6FF9CD84E394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "528AE2DE-49A1-4E4B-9CF5-A3D0C30E47F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5334F84-3E99-47B7-808F-8BF26A98A755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0629DA-AD85-4FC2-8118-98E8CC94D1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4166464B-D163-4D94-AF3F-2504E109281E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A10011-CED4-45E0-B53E-72DD7B977746",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E1F8E-8B98-444E-9FE0-AC7CB508829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B67C8F-9FDF-490B-8173-01CAFE0D79C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "305F6730-1FA4-4256-9190-653302CDAA9D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de recorrido de directorios en el servidor  IBM Rational Software Architect Design Manager y Rhapsody Design Manager 3.x y 4.x (anteriores a 4.0.5) permite a usuarios locales leer archivos a traves de vectores que involucran archivos temporales."
    }
  ],
  "id": "CVE-2013-3042",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-14T22:55:02.740",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-04-21 22:55

Modified

2025-04-12 10:46

Severity ?

Summary

Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21664531	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/84773
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21664531	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/84773

Impacted products

Vendor	Product	Version
ibm	rhapsody_design_manager	3.0.0
ibm	rhapsody_design_manager	3.0.0.1
ibm	rhapsody_design_manager	3.0.1
ibm	rhapsody_design_manager	4.0.0
ibm	rhapsody_design_manager	4.0.1
ibm	rhapsody_design_manager	4.0.2
ibm	rhapsody_design_manager	4.0.3
ibm	rhapsody_design_manager	4.0.4
ibm	rhapsody_design_manager	4.0.5
ibm	rational_software_architect_design_manager	3.0.0
ibm	rational_software_architect_design_manager	3.0.0.1
ibm	rational_software_architect_design_manager	3.0.1
ibm	rational_software_architect_design_manager	4.0.0
ibm	rational_software_architect_design_manager	4.0.1
ibm	rational_software_architect_design_manager	4.0.2
ibm	rational_software_architect_design_manager	4.0.3
ibm	rational_software_architect_design_manager	4.0.4
ibm	rational_software_architect_design_manager	4.0.5

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "528AE2DE-49A1-4E4B-9CF5-A3D0C30E47F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5334F84-3E99-47B7-808F-8BF26A98A755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0629DA-AD85-4FC2-8118-98E8CC94D1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4166464B-D163-4D94-AF3F-2504E109281E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A10011-CED4-45E0-B53E-72DD7B977746",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E1F8E-8B98-444E-9FE0-AC7CB508829E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B67C8F-9FDF-490B-8173-01CAFE0D79C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "305F6730-1FA4-4256-9190-653302CDAA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42AF422E-1E9B-4A77-A65A-61BF01338554",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FE2858-B570-444A-BEEB-6FF9CD84E394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BE9040-CC37-495C-A05B-FC3DFBC02DC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en IBM Rational Software Architect (RSA) Design Manager y Rational Rhapsody Design Manager 3.x hasta 3.0.1 y 4.x anterior a 4.0.6 permite a usuarios remotos autenticados modificar datos mediante el aprovechamiento de la comprobaci\u00f3n indebida de par\u00e1metros."
    }
  ],
  "id": "CVE-2013-5459",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-21T22:55:08.147",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84773"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-01-27 17:15

Modified

2024-11-21 05:46

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/194963	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6408694	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/194963	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6408694	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	collaborative_lifecycle_management	6.0.2
ibm	collaborative_lifecycle_management	6.0.6
ibm	collaborative_lifecycle_management	6.0.6.1
ibm	engineering_insights	7.0
ibm	engineering_lifecycle_management	7.0
ibm	engineering_requirements_management_doors_next	6.0.2
ibm	engineering_requirements_management_doors_next	6.0.6
ibm	engineering_requirements_management_doors_next	6.0.6.1
ibm	engineering_requirements_management_doors_next	7.0
ibm	engineering_test_management	7.0.0
ibm	engineering_workflow_management	6.0.2
ibm	engineering_workflow_management	6.0.6
ibm	engineering_workflow_management	6.0.6.1
ibm	engineering_workflow_management	7.0
ibm	engineering_workflow_management	7.0.2
ibm	global_configuration_management	*
ibm	rational_engineering_lifecycle_manager	6.0.2
ibm	rational_engineering_lifecycle_manager	6.0.6
ibm	rational_engineering_lifecycle_manager	6.0.6.1
ibm	rational_quality_manager	6.0.2
ibm	rational_quality_manager	6.0.6
ibm	rational_quality_manager	6.0.6.1
ibm	rhapsody_design_manager	6.0.2
ibm	rhapsody_design_manager	6.0.6
ibm	rhapsody_design_manager	6.0.6.1
ibm	rhapsody_design_manager	7.0
ibm	rhapsody_model_manager	6.0.2
ibm	rhapsody_model_manager	6.0.6
ibm	rhapsody_model_manager	6.0.6.1
ibm	rhapsody_model_manager	7.0