Vulnerabilities > IBM > Rational Collaborative Lifecycle Management > 6.0.0

DATE CVE VULNERABILITY TITLE RISK
2017-02-15 CVE-2016-8968 Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management 6.0.0/6.0.1/6.0.2
IBM Jazz Foundation is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-02-08 CVE-2016-6032 Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management
IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-02-08 CVE-2016-2866 Information Exposure vulnerability in IBM Rational Collaborative Lifecycle Management
An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.
network
low complexity
ibm CWE-200
4.0
4.0
2017-02-01 CVE-2016-6061 Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management
IBM Jazz Foundation is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-02-01 CVE-2016-6040 Session Fixation vulnerability in IBM Rational Collaborative Lifecycle Management
IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.
network
ibm CWE-384
6.0
6.0
2017-02-01 CVE-2016-6030 Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management
IBM Jazz Foundation is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-02-01 CVE-2016-6028 Permissions, Privileges, and Access Controls vulnerability in IBM Rational Collaborative Lifecycle Management
IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.
network
low complexity
ibm CWE-264
4.0
4.0
2016-11-25 CVE-2016-2926 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2016-11-25 CVE-2016-2947 Information Exposure vulnerability in IBM products
IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
4.0
4.0
2016-11-24 CVE-2016-2864 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5