IBM Rational Team Concert vulnerabilities

147 known vulnerabilities affecting ibm/rational_team_concert.

Total CVEs: 147
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 9, MEDIUM 127, LOW 11

Vulnerabilities

Page 8 of 8
CVE-2014-3092 | MEDIUM | CVSS 5.0 | v2.0, v2.0.0.1 +19 more | 2014-09-12
CWE-200: IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting
nvd
CVE-2014-3050 | LOW | CVSS 3.5 | v4.0, v4.0.0.1 +15 more | 2014-07-29
CWE-200: IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors.
nvd
CVE-2013-5404 | LOW | CVSS 3.5 | v2.0, v2.0.0.1 +14 more | 2013-12-10
CWE-79: Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involvin
nvd
CVE-2012-0748 | MEDIUM | CVSS 6.8 | v4.0 | 2012-10-01
CWE-352: Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests that modify work items.
nvd
CVE-2011-2607 | MEDIUM | CVSS 4.3 | v3.0 | 2011-06-30
CWE-79: Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165513.
nvd
CVE-2011-2606 | MEDIUM | CVSS 4.3 | v3.0 | 2011-06-30
CWE-79: Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511.
nvd
CVE-2011-1029 | LOW | CVSS 3.5 | v2.0.0.1, v2.0.0.2 | 2011-02-14
CWE-79: Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report.
nvd