Rational Quality Manager
by IBM
CVEs (178)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2986 | Med | 0.35 | 5.4 | 0.01 | Nov 25, 2016 | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational… | ||
| CVE-2016-2864 | Med | 0.35 | 5.4 | 0.01 | Nov 24, 2016 | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before… | ||
| CVE-2016-0285 | Med | 0.35 | 5.4 | 0.01 | Nov 24, 2016 | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before… | ||
| CVE-2016-0284 | Med | 0.35 | 5.4 | 0.01 | Nov 24, 2016 | The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before… | ||
| CVE-2016-0273 | Med | 0.35 | 5.4 | 0.01 | Nov 24, 2016 | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before… | ||
| CVE-2015-7471 | Med | 0.31 | 4.8 | 0.01 | Mar 15, 2018 | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6… | ||
| CVE-2016-6037 | Med | 0.31 | 4.8 | 0.01 | May 10, 2017 | IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security… | ||
| CVE-2018-1492 | Med | 0.28 | 4.3 | 0.00 | Jul 10, 2018 | IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977. | ||
| CVE-2018-1423 | Med | 0.28 | 4.3 | 0.01 | Jul 10, 2018 | IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026. | ||
| CVE-2017-1509 | Med | 0.28 | 4.3 | 0.01 | Jul 6, 2018 | IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719. | ||
| CVE-2017-1239 | Med | 0.28 | 4.3 | 0.01 | Jul 6, 2018 | IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357. | ||
| CVE-2017-1734 | Med | 0.28 | 4.3 | 0.01 | Apr 24, 2018 | IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody… | ||
| CVE-2017-1725 | Med | 0.28 | 4.3 | 0.01 | Apr 24, 2018 | IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody… | ||
| CVE-2017-1191 | Med | 0.28 | 4.3 | 0.01 | Dec 27, 2017 | An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661. | ||
| CVE-2017-1507 | Med | 0.28 | 4.3 | 0.01 | Dec 11, 2017 | IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. | ||
| CVE-2017-1570 | Med | 0.28 | 4.3 | 0.01 | Nov 27, 2017 | IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. | ||
| CVE-2017-1251 | Med | 0.28 | 4.3 | 0.01 | Nov 27, 2017 | An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. | ||
| CVE-2017-1240 | Med | 0.28 | 4.3 | 0.01 | Nov 27, 2017 | IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. | ||
| CVE-2016-6024 | Med | 0.28 | 4.3 | 0.01 | Nov 27, 2017 | IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. | ||
| CVE-2016-9700 | Med | 0.28 | 4.3 | 0.01 | Jul 5, 2017 | IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. |
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational…
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before…
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before…
- risk 0.35cvss 5.4epss 0.01
The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before…
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before…
- risk 0.31cvss 4.8epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6…
- risk 0.31cvss 4.8epss 0.01
IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security…
- risk 0.28cvss 4.3epss 0.00
IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.
- risk 0.28cvss 4.3epss 0.01
IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.
- risk 0.28cvss 4.3epss 0.01
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.
- risk 0.28cvss 4.3epss 0.01
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357.
- risk 0.28cvss 4.3epss 0.01
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody…
- risk 0.28cvss 4.3epss 0.01
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody…
- risk 0.28cvss 4.3epss 0.01
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.
- risk 0.28cvss 4.3epss 0.01
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.
- risk 0.28cvss 4.3epss 0.01
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.
- risk 0.28cvss 4.3epss 0.01
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.
- risk 0.28cvss 4.3epss 0.01
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.
- risk 0.28cvss 4.3epss 0.01
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.
- risk 0.28cvss 4.3epss 0.01
IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.
Page 5 of 9