Vulnerabilities > IBM > Rational Engineering Lifecycle Manager > 5.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-02 | CVE-2018-1558 | Cross-site Scripting vulnerability in IBM products IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. | 3.5 |
| 2018-09-25 | CVE-2018-1659 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. | 3.5 |
| 2018-09-25 | CVE-2018-1607 | XXE vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2018-09-25 | CVE-2018-1588 | XXE vulnerability in IBM Rational Engineering Lifecycle Manager IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2018-09-25 | CVE-2018-1560 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. | 3.5 |
| 2018-09-25 | CVE-2018-1539 | Improper Authentication vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. | 6.4 |
| 2018-08-20 | CVE-2018-1394 | Cross-site Scripting vulnerability in IBM products Multiple IBM Rational products are vulnerable to cross-site scripting. | 3.5 |
| 2018-08-20 | CVE-2017-1753 | Code Injection vulnerability in IBM products Multiple IBM Rational products are vulnerable to HTML injection. | 3.5 |
| 2018-07-10 | CVE-2018-1492 | Session Fixation vulnerability in IBM products IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. | 4.6 |
| 2018-07-10 | CVE-2018-1423 | Information Exposure vulnerability in IBM products IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. | 4.0 |