Ibm

Rational Engineering Lifecycle Manager

141 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2018-1846

  • EPSS 0.35%
  • Published 02.11.2018 15:29:00
  • Last modified 21.11.2024 04:00:29

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive informa...

5.4

CVE-2018-1558

  • EPSS 0.16%
  • Published 02.10.2018 15:29:02
  • Last modified 21.11.2024 04:00:01

IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality p...

6.5

CVE-2018-1539

  • EPSS 0.12%
  • Published 25.09.2018 15:29:00
  • Last modified 21.11.2024 03:59:58

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.

5.4

CVE-2018-1560

  • EPSS 0.16%
  • Published 25.09.2018 15:29:00
  • Last modified 21.11.2024 04:00:01

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti...

7.1

CVE-2018-1588

  • EPSS 0.36%
  • Published 25.09.2018 15:29:00
  • Last modified 21.11.2024 04:00:02

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expo...

7.1

CVE-2018-1607

  • EPSS 0.36%
  • Published 25.09.2018 15:29:00
  • Last modified 21.11.2024 04:00:05

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive informati...

5.4

CVE-2018-1659

  • EPSS 0.11%
  • Published 25.09.2018 15:29:00
  • Last modified 21.11.2024 04:00:09

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti...

5.4

CVE-2018-1394

  • EPSS 0.11%
  • Published 20.08.2018 21:29:01
  • Last modified 21.11.2024 03:59:44

Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...

5.4

CVE-2017-1753

  • EPSS 0.08%
  • Published 20.08.2018 21:29:00
  • Last modified 21.11.2024 03:22:18

Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135...

6.5

CVE-2018-1423

  • EPSS 0.19%
  • Published 10.07.2018 16:29:00
  • Last modified 21.11.2024 03:59:47

IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.