Ibm: >> Rational Software Architect Design Manager >> 6.0 Security Vulnerabilities
XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-01-16
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.
CVSS Score
4.3
EPSS Score
0.001
Published
2017-12-11
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.
CVSS Score
4.3
EPSS Score
0.001
Published
2017-11-27
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-11-27
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.
CVSS Score
4.3
EPSS Score
0.001
Published
2017-11-27
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-11-27
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-06-13
IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.
CVSS Score
4.3
EPSS Score
0.355
Published
2017-06-13
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,
CVSS Score
4.3
EPSS Score
0.002
Published
2017-05-15
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.
CVSS Score
8.1
EPSS Score
0.004
Published
2017-03-31