Vulnerabilities > IBM > Rational Engineering Lifecycle Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-16 CVE-2015-7474 Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager
Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
2017-12-27 CVE-2017-1365 Cross-site Scripting vulnerability in IBM products
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-12-27 CVE-2017-1191 Unspecified vulnerability in IBM products
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access.
network
low complexity
ibm
4.3
2017-12-11 CVE-2017-1507 Information Exposure vulnerability in IBM products
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system.
network
low complexity
ibm CWE-200
4.3
2017-11-27 CVE-2017-1570 Information Exposure vulnerability in IBM products
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces.
network
low complexity
ibm CWE-200
4.3
2017-11-27 CVE-2017-1251 Information Exposure vulnerability in IBM products
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.
network
low complexity
ibm CWE-200
4.3
2017-11-27 CVE-2017-1240 Information Exposure vulnerability in IBM products
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses.
network
low complexity
ibm CWE-200
4.3
2017-11-27 CVE-2016-6024 Information Exposure vulnerability in IBM products
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages.
network
low complexity
ibm CWE-200
4.3
2017-10-03 CVE-2017-1429 Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-10-03 CVE-2017-1369 Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4