Ibm Rational Doors Next Generation vulnerabilities

CVE-2016-6024 [MEDIUM] CWE-200 CVE-2016-6024: IBM Jazz technology based products might divulge information that might be useful in helping attacke IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.

CVE-2017-1570 [MEDIUM] CWE-200 CVE-2017-1570: IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.

CVE-2017-1650 [MEDIUM] CWE-79 CVE-2017-1650: IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability al IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133260.

CVE-2017-1338 [MEDIUM] CWE-79 CVE-2017-1338: IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vu IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246.

CVE-2016-9700 [MEDIUM] CWE-200 CVE-2016-9700: IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.

CVE-2017-1099 [MEDIUM] CWE-200 CVE-2017-1099: IBM Jazz Foundation could expose potentially sensitive information to authenticated users through st IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.

CVE-2016-9973 [MEDIUM] CWE-79 CVE-2016-9973: IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.

CVE-2017-1278 [MEDIUM] CWE-79 CVE-2017-1278: IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attac IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756.

CVE-2017-1276 [MEDIUM] CWE-79 CVE-2017-1276: IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vul IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751.

CVE-2017-1247 [MEDIUM] CWE-79 CVE-2017-1247: IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vul IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627.

CVE-2017-1305 [MEDIUM] CWE-79 CVE-2017-1305: IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vuln IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459.

CVE-2016-9735 [MEDIUM] CWE-200 CVE-2016-9735: IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack tra IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,

CVE-2016-9707 [HIGH] CWE-611 CVE-2016-9707: IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.

CVE-2016-6055 [MEDIUM] CWE-79 CVE-2016-6055: IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vul IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515.

CVE-2016-6060 [MEDIUM] CWE-200 CVE-2016-6060: An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a J An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547.

CVE-2016-9748 [MEDIUM] CWE-200 CVE-2016-9748: IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response mes IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.

CVE-2017-1127 [MEDIUM] CWE-79 CVE-2017-1127: IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vuln IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2017-1128 [MEDIUM] CWE-79 CVE-2017-1128: IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vul IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2016-2987 [MEDIUM] CWE-200 CVE-2016-2987: An undisclosed vulnerability in CLM applications may result in some administrative deployment parame An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.

CVE-2016-3014 [MEDIUM] CWE-79 CVE-2016-3014: Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 befo Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 a