Vulnerabilities > IBM > Rational Collaborative Lifecycle Management > 4.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-27 | CVE-2017-1191 | Unspecified vulnerability in IBM products An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. | 4.0 |
| 2017-07-05 | CVE-2016-9700 | Information Exposure vulnerability in IBM products IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. | 4.0 |
| 2017-07-05 | CVE-2016-9746 | Cross-site Scripting vulnerability in IBM products IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. | 3.5 |
| 2017-07-05 | CVE-2016-9733 | Cross-site Scripting vulnerability in IBM products IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. | 3.5 |
| 2017-07-05 | CVE-2016-9701 | Cross-site Scripting vulnerability in IBM products IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. | 3.5 |
| 2017-06-22 | CVE-2016-9747 | Cross-site Scripting vulnerability in IBM products IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. | 3.5 |
| 2017-02-08 | CVE-2016-6032 | Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. | 3.5 |
| 2017-02-08 | CVE-2016-2866 | Information Exposure vulnerability in IBM Rational Collaborative Lifecycle Management An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user. | 4.0 |
| 2017-02-01 | CVE-2016-6061 | Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management IBM Jazz Foundation is vulnerable to cross-site scripting. | 3.5 |
| 2017-02-01 | CVE-2016-6040 | Session Fixation vulnerability in IBM Rational Collaborative Lifecycle Management IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | 6.0 |