Vulnerabilities > IBM > Rational Engineering Lifecycle Manager

DATE CVE VULNERABILITY TITLE RISK
2018-11-02 CVE-2018-1846 XXE vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-10-02 CVE-2018-1558 Cross-site Scripting vulnerability in IBM products
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-09-25 CVE-2018-1659 Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-09-25 CVE-2018-1607 XXE vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-09-25 CVE-2018-1588 XXE vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-09-25 CVE-2018-1560 Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-09-25 CVE-2018-1539 Improper Authentication vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended.
network
low complexity
ibm CWE-287
6.5
2018-08-20 CVE-2018-1394 Cross-site Scripting vulnerability in IBM products
Multiple IBM Rational products are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-08-20 CVE-2017-1753 Code Injection vulnerability in IBM products
Multiple IBM Rational products are vulnerable to HTML injection.
network
low complexity
ibm CWE-94
5.4
2018-07-10 CVE-2018-1492 Session Fixation vulnerability in IBM products
IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session.
low complexity
ibm CWE-384
6.8