CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM » Rational Collaborative Lifecycle Management » 6.0.1 : Security Vulnerabilities

Cpe Name:cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.1
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-4252 22 Dir. Trav. 2019-06-27 2019-10-09
5.0
None Remote Low Not required Partial None None
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.
2 CVE-2019-4250 79 XSS 2019-06-27 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648.
3 CVE-2019-4249 79 XSS 2019-06-27 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647.
4 CVE-2019-4084 200 +Info 2019-06-27 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384.
5 CVE-2019-4083 79 XSS 2019-06-27 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383.
6 CVE-2018-1983 79 XSS 2019-03-14 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136.
7 CVE-2018-1952 79 XSS 2019-03-14 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495.
8 CVE-2018-1916 79 XSS 2019-03-14 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740.
9 CVE-2018-1893 79 XSS 2019-06-27 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157.
10 CVE-2018-1892 79 XSS 2019-06-27 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156.
11 CVE-2018-1829 79 XSS 2019-03-14 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432.
12 CVE-2018-1828 79 XSS 2019-06-27 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431.
13 CVE-2018-1827 79 XSS 2019-06-27 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430.
14 CVE-2018-1826 79 XSS 2019-06-27 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429.
15 CVE-2018-1825 79 XSS 2019-03-14 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150428.
16 CVE-2018-1824 79 XSS 2019-03-14 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150427.
17 CVE-2018-1823 79 XSS 2019-03-14 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150426.
18 CVE-2018-1762 79 XSS 2018-11-29 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616.
19 CVE-2018-1760 79 XSS 2019-06-27 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614.
20 CVE-2018-1758 79 XSS 2019-06-27 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605.
21 CVE-2018-1734 200 +Info 2019-06-27 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838.
22 CVE-2018-1694 200 +Info 2018-11-06 2019-10-09
4.3
None Remote Medium Not required Partial None None
IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609.
23 CVE-2018-1688 79 XSS 2019-03-14 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509.
24 CVE-2018-1658 20 XSS 2019-03-14 2019-10-02
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 144884.
25 CVE-2018-1606 200 +Info 2018-11-06 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796.
26 CVE-2018-1558 79 XSS 2018-10-02 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956.
27 CVE-2018-1492 384 2018-07-10 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.
28 CVE-2018-1423 200 +Info 2018-07-10 2019-10-09
4.0
None Remote Low Single system Partial None None
IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.
29 CVE-2017-1762 79 XSS 2018-03-23 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136006.
30 CVE-2017-1734 200 +Info 2018-04-24 2018-06-05
4.0
None Remote Low Single system Partial None None
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.
31 CVE-2017-1725 200 +Info 2018-04-24 2018-06-04
4.0
None Remote Low Single system Partial None None
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820.
32 CVE-2017-1717 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796.
33 CVE-2017-1715 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134637.
34 CVE-2017-1701 326 +Info 2018-04-23 2018-05-23
4.0
None Remote Low Single system Partial None None
IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393.
35 CVE-2017-1700 863 DoS 2018-04-24 2019-10-02
4.0
None Remote Low Single system None None Partial
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.
36 CVE-2017-1691 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134066.
37 CVE-2017-1690 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134065.
38 CVE-2017-1655 79 XSS 2018-03-23 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379.
39 CVE-2017-1653 79 XSS 2018-01-26 2018-02-09
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268.
40 CVE-2017-1652 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263.
41 CVE-2017-1651 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133261.
42 CVE-2017-1629 79 XSS 2018-03-23 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127.
43 CVE-2017-1621 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133088.
44 CVE-2017-1608 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928.
45 CVE-2017-1602 552 2018-03-23 2019-10-09
4.0
None Remote Low Single system None Partial None
IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625.
46 CVE-2017-1592 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132493.
47 CVE-2017-1570 200 +Info 2017-11-27 2017-12-14
4.0
None Remote Low Single system Partial None None
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.
48 CVE-2017-1568 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131778.
49 CVE-2017-1565 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131765.
50 CVE-2017-1564 79 XSS 2018-07-03 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131764.
Total number of vulnerabilities : 119   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.