Vulnerabilities > IBM > Rational Engineering Lifecycle Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-27 | CVE-2021-29774 | Unspecified vulnerability in IBM products IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. | 7.5 |
| 2021-10-27 | CVE-2021-29844 | Server-Side Request Forgery (SSRF) vulnerability in IBM products IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). | 8.8 |
| 2021-06-02 | CVE-2020-4495 | Unspecified vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. | 8.8 |
| 2021-04-12 | CVE-2020-4965 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-03-30 | CVE-2021-20502 | XXE vulnerability in IBM products IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2019-06-27 | CVE-2019-4252 | Path Traversal vulnerability in IBM products IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2019-05-01 | CVE-2018-1608 | Inadequate Encryption Strength vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2018-11-02 | CVE-2018-1846 | XXE vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-09-25 | CVE-2018-1607 | XXE vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-09-25 | CVE-2018-1588 | XXE vulnerability in IBM Rational Engineering Lifecycle Manager IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |