Vulnerabilities > IBM > Rational Rhapsody Design Manager > 4.0.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-08 | CVE-2016-9698 | XXE vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 7.5 |
| 2017-05-15 | CVE-2016-9735 | Information Exposure vulnerability in IBM products IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. | 4.0 |
| 2017-03-31 | CVE-2016-9707 | XXE vulnerability in IBM products IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 7.5 |
| 2017-03-20 | CVE-2016-9697 | Information Exposure vulnerability in IBM Rational Rhapsody Design Manager An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. | 2.1 |
| 2017-03-20 | CVE-2016-9696 | Cross-site Scripting vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. | 3.5 |
| 2017-03-20 | CVE-2016-9694 | Cross-site Scripting vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 3.5 |
| 2017-03-20 | CVE-2016-8973 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. | 4.0 |
| 2017-02-23 | CVE-2016-8974 | XXE vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 7.5 |
| 2017-02-01 | CVE-2016-2987 | Information Exposure vulnerability in IBM products An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. | 4.0 |
| 2016-11-30 | CVE-2016-3014 | Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |