IBM Rational Collaborative Lifecycle Management vulnerabilities

171 known vulnerabilities affecting ibm/rational_collaborative_lifecycle_management.

Total CVEs: 171
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 9, MEDIUM 155, LOW 6

Vulnerabilities

Page 8 of 9
CVE-2016-9973 | MEDIUM | CVSS 5.4 | v4.0, v4.0.1, +13 more | 2017-06-13
CVE-2016-9973 [MEDIUM] CWE-79: IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
cvelistv5, nvd
CVE-2016-9735 | MEDIUM | CVSS 4.3 | v4.0, v4.0.2, +12 more | 2017-05-15
CVE-2016-9735 [MEDIUM] CWE-200: IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781.
nvd
CVE-2016-9707 | HIGH | CVSS 8.1 | v4.0, v4.0.1, +13 more | 2017-03-31
CVE-2016-9707 [HIGH] CWE-611: IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.
nvd
CVE-2016-2981 | MEDIUM | CVSS 6.8 | v4.0, v4.0.1, +13 more | 2017-03-20
CVE-2016-2981 [MEDIUM] CWE-200: An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.
nvd
CVE-2016-8968 | MEDIUM | CVSS 5.4 | v6.0.0, v6.0.1, +1 more | 2017-02-15
CVE-2016-8968 [MEDIUM] CWE-79: IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515.
nvd
CVE-2016-2866 | MEDIUM | CVSS 4.3 | v4.0.0, v4.0.1, +13 more | 2017-02-08
CVE-2016-2866 [MEDIUM] CWE-200: An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.
nvd
CVE-2016-6032 | MEDIUM | CVSS 5.4 | v4.0.0, v4.0.1, +13 more | 2017-02-08
CVE-2016-6032 [MEDIUM] CWE-79: IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
nvd
CVE-2016-6030 | MEDIUM | CVSS 5.4 | v4.0.0, v4.0.1, +12 more | 2017-02-01
CVE-2016-6030 [MEDIUM] CWE-79: IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
nvd
CVE-2016-6028 | MEDIUM | CVSS 4.3 | v4.0.0, v4.0.1, +12 more | 2017-02-01
CVE-2016-6028 [MEDIUM] CWE-264: IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.
nvd
CVE-2016-6040 | MEDIUM | CVSS 5.0 | v4.0.0, v4.0.1, +12 more | 2017-02-01
CVE-2016-6040 [MEDIUM] CWE-384: IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.
nvd
CVE-2016-6061 | MEDIUM | CVSS 5.4 | v4.0.0, v4.0.1, +12 more | 2017-02-01
CVE-2016-6061 [MEDIUM] CWE-79: IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
nvd
CVE-2016-3014 | MEDIUM | CVSS 5.4 | v4.0.0, v4.0.1, +9 more | 2016-11-30
CVE-2016-3014 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 a
nvd
CVE-2016-2926 | MEDIUM | CVSS 5.4 | v3.0.1.6, v4.0.0, +13 more | 2016-11-25
CVE-2016-2926 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 b
nvd
CVE-2016-2947 | LOW | CVSS 2.7 | v3.0.1.6, v4.0.0, +13 more | 2016-11-25
CVE-2016-2947 [LOW] CWE-200: IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generat
nvd
CVE-2016-0284 | MEDIUM | CVSS 5.4 | v3.0.1.6, v4.0.0, +13 more | 2016-11-24
CVE-2016-0284 [MEDIUM] CWE-611: The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 i
nvd
CVE-2016-2864 | MEDIUM | CVSS 5.4 | v3.0.1.6, v4.0.0, +13 more | 2016-11-24
CVE-2016-2864 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before i
nvd
CVE-2016-0273 | MEDIUM | CVSS 5.4 | v3.0.1.6, v4.0.0, +13 more | 2016-11-24
CVE-2016-0273 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before i
nvd
CVE-2016-0372 | LOW | CVSS 3.7 | v3.0.1.6, v4.0.0, +13 more | 2016-11-24
CVE-2016-0372 [LOW] CWE-200: IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0
nvd
CVE-2016-0326 | HIGH | CVSS 8.8 | v4.0.0, v4.0.1, +11 more | 2016-10-22
CVE-2016-0326 [HIGH] CWE-77: IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
nvd
CVE-2016-0331 | MEDIUM | CVSS 5.4 | v6.0.1, v6.0.2 | 2016-09-12
CVE-2016-0331 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
nvd