Vulnerabilities > IBM > Rational Requirements Composer

DATE CVE VULNERABILITY TITLE RISK
2014-03-04 CVE-2014-0846 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-03-04 CVE-2014-0845 Improper Input Validation vulnerability in IBM products
Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
network
ibm CWE-20
4.9
4.9
2014-03-04 CVE-2014-0844 Information Disclosure vulnerability in IBM products
Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors.
network
ibm
3.5
3.5
2013-12-10 CVE-2013-5404 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element.
network
ibm CWE-79
3.5
3.5
2013-09-12 CVE-2013-3039 Improper Authentication vulnerability in IBM Rational Requirements Composer
IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. 		5.4
5.4
2013-09-12 CVE-2013-3038 Credentials Management vulnerability in IBM Rational Requirements Composer
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. 		5.4
5.4
2013-09-12 CVE-2013-3037 Permissions, Privileges, and Access Controls vulnerability in IBM Rational Requirements Composer
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors.
local
ibm CWE-264
4.4
4.4
2013-09-12 CVE-2013-3036 Improper Input Validation vulnerability in IBM Rational Requirements Composer
Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
network
ibm CWE-20
4.9
4.9