Vulnerabilities > IBM > Rational Engineering Lifecycle Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-16 | CVE-2015-7485 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2018-01-16 | CVE-2015-7484 | Information Exposure vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0.7 iFix10 allow remote authenticated users with access to lifecycle projects to obtain sensitive information by sending a crafted URL to the Lifecycle Query Engine. | 4.0 |
| 2018-01-16 | CVE-2015-7474 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2017-12-27 | CVE-2017-1365 | Cross-site Scripting vulnerability in IBM products IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. | 3.5 |
| 2017-12-27 | CVE-2017-1191 | Unspecified vulnerability in IBM products An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. | 4.0 |
| 2017-12-11 | CVE-2017-1507 | Information Exposure vulnerability in IBM products IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. | 4.0 |
| 2017-11-27 | CVE-2017-1570 | Information Exposure vulnerability in IBM products IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. | 4.0 |
| 2017-11-27 | CVE-2017-1251 | Information Exposure vulnerability in IBM products An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. | 4.0 |
| 2017-11-27 | CVE-2017-1240 | Information Exposure vulnerability in IBM products IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. | 4.0 |
| 2017-11-27 | CVE-2016-6024 | Information Exposure vulnerability in IBM products IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. | 4.0 |