Vulnerabilities > IBM > Rational Engineering Lifecycle Manager > 4.0

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-01-16 | CVE-2015-7485 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager | Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network | low | ibm | CWE-79 | 5.4 |
| 2018-01-16 | CVE-2015-7484 | Information Exposure vulnerability in IBM Rational Engineering Lifecycle Manager | IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. | network | low | ibm | CWE-200 | 4.3 |
| 2017-06-13 | CVE-2017-1099 | Information Exposure vulnerability in IBM products | IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. | network | low | ibm | CWE-200 | 4.3 |
| 2017-05-15 | CVE-2016-9735 | Information Exposure vulnerability in IBM products | IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. | network | low | ibm | CWE-200 | 4.3 |
| 2017-03-31 | CVE-2016-9707 | XXE vulnerability in IBM products | IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | network | low | ibm | CWE-611 | 8.1 |