Ibm Rational Collaborative Lifecycle Management vulnerabilities
171 known vulnerabilities affecting ibm/rational_collaborative_lifecycle_management.
Total CVEs
171
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH9MEDIUM155LOW6
Vulnerabilities
Page 4 of 9
CVE-2018-1658MEDIUMCVSS 5.4≥ 5.0, ≤ 6.0.6v5.0+9 more2019-03-14
CVE-2018-1658 [MEDIUM] CWE-20 CVE-2018-1658: IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerabl
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduc
nvd
CVE-2018-1762MEDIUMCVSS 5.4≥ 5.0.0, ≤ 6.0.6v5.0+9 more2018-11-29
CVE-2018-1762 [MEDIUM] CWE-79 CVE-2018-1762: IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerab
IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616.
nvd
CVE-2018-1606MEDIUMCVSS 4.3≥ 5.0.0, ≤ 6.0.6v5.0+9 more2018-11-06
CVE-2018-1606 [MEDIUM] CWE-200 CVE-2018-1606: IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.
IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Ratio
nvd
CVE-2018-1694MEDIUMCVSS 5.9≥ 5.0.0, ≤ 6.0.6v5.0+9 more2018-11-06
CVE-2018-1694 [MEDIUM] CVE-2018-1694: IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 thro
IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody D
nvd
CVE-2018-1558MEDIUMCVSS 5.4≥ 5.0, ≤ 6.0.6v5.0+9 more2018-10-02
CVE-2018-1558 [MEDIUM] CWE-79 CVE-2018-1558: IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerabl
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956.
nvd
CVE-2018-1394MEDIUMCVSS 5.4v5.0v5.0.1+7 more2018-08-20
CVE-2018-1394 [MEDIUM] CWE-79 CVE-2018-1394: Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows use
Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.
nvd
CVE-2017-1753MEDIUMCVSS 5.4v5.0v5.0.1+7 more2018-08-20
CVE-2017-1753 [MEDIUM] CWE-94 CVE-2017-1753: Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject mali
Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.
nvd
CVE-2018-1492MEDIUMCVSS 6.8≥ 5.0, ≤ 6.0.5v5.0+8 more2018-07-10
CVE-2018-1492 [MEDIUM] CWE-384 CVE-2018-1492: IBM Jazz Foundation products could allow a user with physical access to the system to log in as anot
IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.
nvd
CVE-2018-1423MEDIUMCVSS 6.5≥ 5.0, ≤ 6.0.5v5.0+8 more2018-07-10
CVE-2018-1423 [MEDIUM] CWE-200 CVE-2018-1423: IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that
IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.
nvd
CVE-2017-1238MEDIUMCVSS 5.4≥ 5.0.0, ≤ 6.0.32018-07-06
CVE-2017-1238 [MEDIUM] CWE-79 CVE-2017-1238: IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This v
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356.
nvd
CVE-2017-1239MEDIUMCVSS 5.3≥ 5.0.0, ≤ 6.0.32018-07-06
CVE-2017-1239 [MEDIUM] CWE-200 CVE-2017-1239: IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357.
nvd
CVE-2017-1237MEDIUMCVSS 5.4≥ 6.0.0, ≤ 6.0.5v5.0.1+7 more2018-07-06
CVE-2017-1237 [MEDIUM] CWE-79 CVE-2017-1237: IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users
IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.
nvd
CVE-2017-1488MEDIUMCVSS 5.3≥ 6.0.0, ≤ 6.0.5v5.0.1+7 more2018-07-06
CVE-2017-1488 [MEDIUM] CWE-200 CVE-2017-1488: An undisclosed vulnerability in Jazz common products exists with potential for information disclosur
An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.
nvd
CVE-2017-1242MEDIUMCVSS 5.4≥ 5.0.0, ≤ 6.0.32018-07-06
CVE-2017-1242 [MEDIUM] CWE-94 CVE-2017-1242: IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote att
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524.
nvd
CVE-2017-1509MEDIUMCVSS 4.3≥ 6.0.0, ≤ 6.0.5v5.0.1+7 more2018-07-06
CVE-2017-1509 [MEDIUM] CWE-200 CVE-2017-1509: IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.
nvd
CVE-2017-1248MEDIUMCVSS 6.1≥ 5.0.0, ≤ 6.0.32018-07-06
CVE-2017-1248 [MEDIUM] CWE-94 CVE-2017-1248: IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote att
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628.
nvd
CVE-2017-1559MEDIUMCVSS 4.3≥ 6.0.0, ≤ 6.0.5v5.0.1+7 more2018-07-06
CVE-2017-1559 [MEDIUM] CWE-200 CVE-2017-1559: Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts v
Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.
nvd
CVE-2017-1329MEDIUMCVSS 5.4≥ 5.0.0, ≤ 6.0.32018-07-06
CVE-2017-1329 [MEDIUM] CWE-94 CVE-2017-1329: IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote att
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231.
nvd
CVE-2017-1277MEDIUMCVSS 5.4v5.0.0v5.0.1+9 more2018-07-03
CVE-2017-1277 [MEDIUM] CWE-79 CVE-2017-1277: IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 a
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
nvd
CVE-2017-1621MEDIUMCVSS 5.4v5.0v5.0.1+7 more2018-07-03
CVE-2017-1621 [MEDIUM] CWE-79 CVE-2017-1621: IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 a
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
nvd