Vulnerabilities > IBM > Rational Quality Manager

DATE CVE VULNERABILITY TITLE RISK
2018-03-15 CVE-2015-7440 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors.
local
low complexity
ibm CWE-264
7.8
2018-01-26 CVE-2017-1653 Cross-site Scripting vulnerability in IBM products
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-01-16 CVE-2016-0219 XXE vulnerability in IBM products
XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data.
network
low complexity
ibm CWE-611
6.5
2017-12-27 CVE-2017-1365 Cross-site Scripting vulnerability in IBM products
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-12-27 CVE-2017-1191 Unspecified vulnerability in IBM products
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access.
network
low complexity
ibm
4.3
2017-12-11 CVE-2017-1507 Information Exposure vulnerability in IBM products
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system.
network
low complexity
ibm CWE-200
4.3
2017-11-27 CVE-2017-1570 Information Exposure vulnerability in IBM products
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces.
network
low complexity
ibm CWE-200
4.3
2017-11-27 CVE-2017-1251 Information Exposure vulnerability in IBM products
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.
network
low complexity
ibm CWE-200
4.3
2017-11-27 CVE-2017-1240 Information Exposure vulnerability in IBM products
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses.
network
low complexity
ibm CWE-200
4.3
2017-11-27 CVE-2016-6024 Information Exposure vulnerability in IBM products
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages.
network
low complexity
ibm CWE-200
4.3