VYPR

Rational Engineering Lifecycle Manager

by IBM

CVEs (118)

  • CVE-2016-9707HigMar 31, 2017
    risk 0.53cvss 8.1epss 0.02

    IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM…

  • CVE-2026-4051HigMay 26, 2026
    risk 0.47cvss 7.2epss 0.00

    IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted.

  • CVE-2026-3603HigMay 26, 2026
    risk 0.46cvss 7.1epss 0.00

    IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 through  Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated…

  • CVE-2018-1607HigSep 25, 2018
    risk 0.46cvss 7.1epss 0.02

    IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory…

  • CVE-2018-1588HigSep 25, 2018
    risk 0.46cvss 7.1epss 0.02

    IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or…

  • CVE-2015-1928MedJan 2, 2016
    risk 0.44cvss 6.8epss 0.01

    Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0…

  • CVE-2017-1700MedApr 24, 2018
    risk 0.42cvss 6.5epss 0.01

    IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody…

  • CVE-2018-1659MedSep 25, 2018
    risk 0.35cvss 5.4epss 0.01

    IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2018-1560MedSep 25, 2018
    risk 0.35cvss 5.4epss 0.01

    IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials…

  • CVE-2018-1539MedSep 25, 2018
    risk 0.35cvss 5.4epss 0.01

    IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.

  • CVE-2018-1394MedAug 20, 2018
    risk 0.35cvss 5.4epss 0.01

    Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2017-1753MedAug 20, 2018
    risk 0.35cvss 5.4epss 0.01

    Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.

  • CVE-2017-1237MedJul 6, 2018
    risk 0.35cvss 5.4epss 0.01

    IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2015-7486MedJan 16, 2018
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via…

  • CVE-2015-7485MedJan 16, 2018
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via…

  • CVE-2015-7474MedJan 16, 2018
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script…

  • CVE-2017-1365MedDec 27, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…

  • CVE-2017-1429MedOct 3, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2017-1369MedOct 3, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2017-1364MedOct 3, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

Page 1 of 6