Ibm Rational Quality Manager vulnerabilities

201 known vulnerabilities affecting ibm/rational_quality_manager.

Total CVEs

201

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

HIGH7MEDIUM182LOW12

Vulnerabilities

Page 9 of 11

CVE-2016-9700MEDIUMCVSS 4.3v4.0v4.0.0+17 more2017-07-05

CVE-2016-9700 [MEDIUM] CWE-200 CVE-2016-9700: IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.

nvd

CVE-2017-1100MEDIUMCVSS 5.4v4.0v4.0.0.1+15 more2017-06-13

CVE-2017-1100 [MEDIUM] CWE-79 CVE-2017-1100: IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerabilit IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661.

cvelistv5nvd

CVE-2017-1104MEDIUMCVSS 5.4v4.0v4.0.0.1+15 more2017-06-13

CVE-2017-1104 [MEDIUM] CWE-79 CVE-2017-1104: IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerabilit IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666.

cvelistv5nvd

CVE-2017-1102MEDIUMCVSS 5.4v4.0v4.0.0.1+15 more2017-06-13

CVE-2017-1102 [MEDIUM] CWE-79 CVE-2017-1102: IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerabilit IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663.

cvelistv5nvd

CVE-2017-1099MEDIUMCVSS 4.3v4.0v4.0.1+13 more2017-06-13

CVE-2017-1099 [MEDIUM] CWE-200 CVE-2017-1099: IBM Jazz Foundation could expose potentially sensitive information to authenticated users through st IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.

nvd

CVE-2016-9973MEDIUMCVSS 5.4v4.0v4.0.1+13 more2017-06-13

CVE-2016-9973 [MEDIUM] CWE-79 CVE-2016-9973: IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.

nvd

CVE-2017-1101MEDIUMCVSS 5.4v4.0v4.0.0.1+15 more2017-06-13

CVE-2017-1101 [MEDIUM] CWE-79 CVE-2017-1101: IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerabilit IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662.

cvelistv5nvd

CVE-2016-9735MEDIUMCVSS 4.3v4.0v4.0.1+13 more2017-05-15

CVE-2016-9735 [MEDIUM] CWE-200 CVE-2016-9735: IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack tra IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,

nvd

CVE-2017-1103HIGHCVSS 8.1v4.0.0v4.0.1+12 more2017-05-10

CVE-2017-1103 [HIGH] CWE-611 CVE-2017-1103: IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Inject IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665.

nvd

CVE-2016-6037MEDIUMCVSS 4.8v4.0.0v4.0.1+12 more2017-05-10

CVE-2016-6037 [MEDIUM] CWE-79 CVE-2016-6037: IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project admi IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918.

nvd

CVE-2016-6035MEDIUMCVSS 5.4v4.0.0v4.0.1+12 more2017-05-10

CVE-2016-6035 [MEDIUM] CWE-79 CVE-2016-6035: IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896.

nvd

CVE-2016-9707HIGHCVSS 8.1v4.0v4.0.0.1+15 more2017-03-31

CVE-2016-9707 [HIGH] CWE-611 CVE-2016-9707: IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.

nvd

CVE-2016-6022MEDIUMCVSS 5.4v4.0v4.0.1+13 more2017-03-31

CVE-2016-6022 [MEDIUM] CWE-79 CVE-2016-6022: IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerabili IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.

nvd

CVE-2016-6031MEDIUMCVSS 5.4v4.0v4.0.1+13 more2017-03-31

CVE-2016-6031 [MEDIUM] CWE-79 CVE-2016-6031: IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerab IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.

nvd

CVE-2016-6036MEDIUMCVSS 5.4v4.0v4.0.1+13 more2017-03-31

CVE-2016-6036 [MEDIUM] CWE-79 CVE-2016-6036: IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vu IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.

nvd

CVE-2016-2987MEDIUMCVSS 4.3v4.0.0v4.0.0.1+13 more2017-02-01

CVE-2016-2987 [MEDIUM] CWE-200 CVE-2016-2987: An undisclosed vulnerability in CLM applications may result in some administrative deployment parame An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.

nvd

CVE-2016-3014MEDIUMCVSS 5.4v4.0.0v4.0.1+9 more2016-11-30

CVE-2016-3014 [MEDIUM] CWE-79 CVE-2016-3014: Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 befo Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 a

nvd

CVE-2016-2926MEDIUMCVSS 5.4v3.0.1.6v4.0.0+13 more2016-11-25

CVE-2016-2926 [MEDIUM] CWE-79 CVE-2016-2926: Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 befo Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 b

nvd

CVE-2016-2986MEDIUMCVSS 5.4v6.0.0v6.0.1+1 more2016-11-25

CVE-2016-2986 [MEDIUM] CWE-79 CVE-2016-2986: Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x befo Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Des

nvd

CVE-2016-2947LOWCVSS 2.7v3.0.1.6v4.0.0+13 more2016-11-25

CVE-2016-2947 [LOW] CWE-200 CVE-2016-2947: IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, an IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generat

nvd

← Previous9 / 11Next →