Engineering Workflow Management

CVEs (61)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2021-20345	IBM Rational Quality Manager	—	0.00	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force…
CVE-2021-20343	IBM Rational Quality Manager	—	0.00	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force…
CVE-2021-20338	IBM Rational Quality Manager	—	0.00	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2020-5030	IBM Rational Quality Manager	—	0.00	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2020-4977	IBM Rational Quality Manager	—	0.00	Jun 2, 2021	IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…
CVE-2020-4732	IBM Rational Quality Manager	—	0.00	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.
CVE-2020-4495	IBM Rational Quality Manager	—	0.02	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions,…
CVE-2021-20519	IBM Rational Quality Manager	—	0.00	Apr 12, 2021	IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2020-4965	IBM Rational Quality Manager	—	0.00	Apr 12, 2021	IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.
CVE-2020-4964	IBM Rational Quality Manager	—	0.00	Apr 12, 2021	IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.
CVE-2020-4920	IBM Rational Quality Manager	—	0.00	Apr 12, 2021	IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…
CVE-2021-20520	IBM Rational Team Concert	—	0.00	Mar 30, 2021	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20518	IBM Rational Team Concert	—	0.00	Mar 30, 2021	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20506	IBM Rational Team Concert	—	0.00	Mar 30, 2021	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20504	IBM Rational Team Concert	—	0.00	Mar 30, 2021	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20503	IBM Rational Team Concert	—	0.00	Mar 30, 2021	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20502	IBM Rational Team Concert	—	0.00	Mar 30, 2021	IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.
CVE-2021-20447	IBM Rational Team Concert	—	0.00	Mar 30, 2021	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20352	IBM Rational Team Concert	—	0.00	Mar 30, 2021	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20351	IBM Rational Quality Manager	—	0.00	Mar 4, 2021	IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

CVE-2021-20345Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force…
CVE-2021-20343Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force…
CVE-2021-20338Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2020-5030Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2020-4977Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…
CVE-2020-4732Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.
CVE-2020-4495Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.02
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions,…
CVE-2021-20519Apr 12, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2020-4965Apr 12, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.
CVE-2020-4964Apr 12, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.
CVE-2020-4920Apr 12, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…
CVE-2021-20520Mar 30, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20518Mar 30, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20506Mar 30, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20504Mar 30, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20503Mar 30, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20502Mar 30, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.
CVE-2021-20447Mar 30, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20352Mar 30, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2021-20351Mar 4, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

Page 2 of 4