Search criteria
180 vulnerabilities found for rational_rhapsody_design_manager by ibm
CVE-2021-29844 (GCVE-0-2021-29844)
Vulnerability from nvd – Published: 2021-10-27 16:00 – Updated: 2024-09-16 17:59
VLAI?
Summary
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Workflow Management |
Affected:
7.0
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:L/C:L/S:U/PR:L/AV:N/A:N/UI:N/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T16:00:31",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-25T00:00:00",
"ID": "CVE-2021-29844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6508583",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29844",
"datePublished": "2021-10-27T16:00:31.302142Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T17:59:19.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4733 (GCVE-0-2020-4733)
Vulnerability from nvd – Published: 2021-01-08 20:40 – Updated: 2024-09-17 00:25
VLAI?
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0.2
Affected: 6.0.6 Affected: 6.0.6.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204733-xss (188127)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Rhapsody Model Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.0.2"
}
]
},
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/A:N/S:C/AC:L/UI:R/C:L/I:L/AV:N/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T20:40:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204733-xss (188127)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Model Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "6.0.2"
}
]
}
},
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398742",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204733-xss (188127)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4733",
"datePublished": "2021-01-08T20:40:25.291517Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T00:25:50.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4697 (GCVE-0-2020-4697)
Vulnerability from nvd – Published: 2021-01-08 20:40 – Updated: 2024-09-17 03:34
VLAI?
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Rational Team Concert |
Affected:
6.0.2
Affected: 6.0.6 Affected: 6.0.6.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:57.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204697-xss (186790)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Rhapsody Model Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.0.2"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/I:L/C:L/AC:L/UI:R/A:N/S:C/PR:L/RC:C/E:H/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T20:40:24",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204697-xss (186790)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Model Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "6.0.2"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398742",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204697-xss (186790)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4697",
"datePublished": "2021-01-08T20:40:24.603243Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T03:34:13.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4691 (GCVE-0-2020-4691)
Vulnerability from nvd – Published: 2021-01-08 20:40 – Updated: 2024-09-17 01:26
VLAI?
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Rational Rhapsody Design Manager |
Affected:
6.0.2
Affected: 6.0.6 Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:57.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204691-xss (186698)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Rhapsody Model Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.0.2"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/I:L/C:L/AC:L/UI:R/A:N/S:U/PR:L/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T20:40:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204691-xss (186698)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Model Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "6.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398742",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204691-xss (186698)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4691",
"datePublished": "2021-01-08T20:40:23.887295Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T01:26:13.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4544 (GCVE-0-2020-4544)
Vulnerability from nvd – Published: 2021-01-08 20:40 – Updated: 2024-09-17 00:41
VLAI?
Summary
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Workflow Management |
Affected:
7.0
Affected: 7.0.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204544-info-disc (183189)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Rhapsody Model Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.0.2"
}
]
},
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
}
],
"datePublic": "2021-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/S:U/PR:L/AV:N/I:N/AC:L/UI:N/C:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T20:40:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204544-info-disc (183189)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Model Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "6.0.2"
}
]
}
},
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398742",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204544-info-disc (183189)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4544",
"datePublished": "2021-01-08T20:40:23.147853Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T00:41:58.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4487 (GCVE-0-2020-4487)
Vulnerability from nvd – Published: 2021-01-08 20:40 – Updated: 2024-09-16 18:50
VLAI?
Summary
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization |
Affected:
7.0
Affected: 7.0.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204487-info-disc (181862)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Rhapsody Model Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.0.2"
}
]
},
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/A:N/S:U/C:L/AC:L/UI:N/AV:N/I:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T20:40:22",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204487-info-disc (181862)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Model Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "6.0.2"
}
]
}
},
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398742",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204487-info-disc (181862)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4487",
"datePublished": "2021-01-08T20:40:22.413554Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:50:20.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4525 (GCVE-0-2020-4525)
Vulnerability from nvd – Published: 2020-08-04 16:00 – Updated: 2024-09-17 02:51
VLAI?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Rhapsody Design Manager |
Affected:
6.0.2
Affected: 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-ewm-cve20204525-xss (182435)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182435"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "7.0"
}
]
}
],
"datePublic": "2020-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/I:L/A:N/S:C/PR:L/C:L/AC:L/AV:N/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T16:00:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-ewm-cve20204525-xss (182435)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182435"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-08-03T00:00:00",
"ID": "CVE-2020-4525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6255694",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6255694 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-ewm-cve20204525-xss (182435)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182435"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4525",
"datePublished": "2020-08-04T16:00:26.440002Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T02:51:30.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4410 (GCVE-0-2020-4410)
Vulnerability from nvd – Published: 2020-08-04 16:00 – Updated: 2024-09-16 22:50
VLAI?
Summary
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Rhapsody Design Manager |
Affected:
6.0.2
Affected: 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:47.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-etm-cve20204410-info-disc (179539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "7.0"
}
]
}
],
"datePublic": "2020-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/UI:N/A:N/I:N/S:U/PR:L/C:L/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T16:00:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-etm-cve20204410-info-disc (179539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-08-03T00:00:00",
"ID": "CVE-2020-4410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6255694",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6255694 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-etm-cve20204410-info-disc (179539)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4410",
"datePublished": "2020-08-04T16:00:25.516660Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T22:50:36.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4252 (GCVE-0-2019-4252)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-16 18:23
VLAI?
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rtc-cve20194252-info-disc (159883)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/S:U/I:N/C:H/PR:L/AV:N/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rtc-cve20194252-info-disc (159883)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2019-4252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rtc-cve20194252-info-disc (159883)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4252",
"datePublished": "2019-06-27T13:45:29.960679Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:23:47.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4250 (GCVE-0-2019-4250)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-16 17:28
VLAI?
Summary
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-jazz-cve20194250-xss (159648)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/PR:L/UI:R/AC:L/A:N/S:C/I:L/C:L/RL:O/E:H/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-jazz-cve20194250-xss (159648)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2019-4250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-jazz-cve20194250-xss (159648)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4250",
"datePublished": "2019-06-27T13:45:29.921691Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:28:19.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4249 (GCVE-0-2019-4249)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-16 19:57
VLAI?
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rtc-cve20194249-xss (159647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/UI:R/PR:L/AV:N/S:C/I:L/C:L/A:N/AC:L/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rtc-cve20194249-xss (159647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2019-4249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rtc-cve20194249-xss (159647)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4249",
"datePublished": "2019-06-27T13:45:29.879839Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:57:28.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4084 (GCVE-0-2019-4084)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-16 22:46
VLAI?
Summary
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:28.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-jazz-cve20194084-info-disc (157384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/AV:N/PR:L/S:U/I:N/C:L/AC:L/A:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-jazz-cve20194084-info-disc (157384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157384"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2019-4084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-jazz-cve20194084-info-disc (157384)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157384"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4084",
"datePublished": "2019-06-27T13:45:29.805463Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T22:46:44.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4083 (GCVE-0-2019-4083)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-16 18:03
VLAI?
Summary
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-jazz-cve20194083-xss (157383)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/UI:R/PR:L/AV:N/C:L/S:C/I:L/A:N/AC:L/RC:C/E:H/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-jazz-cve20194083-xss (157383)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2019-4083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-jazz-cve20194083-xss (157383)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/157383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4083",
"datePublished": "2019-06-27T13:45:29.751790Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:03:28.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1893 (GCVE-0-2018-1893)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-16 23:11
VLAI?
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181893-xss (152157)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/UI:R/AV:N/PR:L/I:L/S:C/C:L/AC:L/A:N/RL:O/E:H/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181893-xss (152157)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152157"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2018-1893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181893-xss (152157)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152157"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1893",
"datePublished": "2019-06-27T13:45:29.712887Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T23:11:08.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1892 (GCVE-0-2018-1892)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-16 22:50
VLAI?
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181892-xss (152156)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/C:L/I:L/S:C/AC:L/A:N/UI:R/AV:N/PR:L/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181892-xss (152156)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2018-1892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181892-xss (152156)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1892",
"datePublished": "2019-06-27T13:45:29.670935Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T22:50:38.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1828 (GCVE-0-2018-1828)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-17 00:31
VLAI?
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181828-xss (150431)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/UI:R/AV:N/PR:L/I:L/S:C/C:L/AC:L/A:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181828-xss (150431)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2018-1828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181828-xss (150431)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1828",
"datePublished": "2019-06-27T13:45:29.629889Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T00:31:41.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1827 (GCVE-0-2018-1827)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-17 01:00
VLAI?
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181827-xss (150430)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150430"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/AV:N/UI:R/A:N/AC:L/I:L/S:C/C:L/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181827-xss (150430)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150430"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2018-1827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181827-xss (150430)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150430"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1827",
"datePublished": "2019-06-27T13:45:29.587288Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:00:37.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1826 (GCVE-0-2018-1826)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-17 00:42
VLAI?
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429.
Severity ?
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181826-xss (150429)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/PR:L/UI:R/AC:L/A:N/C:L/S:C/I:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181826-xss (150429)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2018-1826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150429."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181826-xss (150429)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1826",
"datePublished": "2019-06-27T13:45:29.542976Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T00:42:16.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1760 (GCVE-0-2018-1760)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-16 19:00
VLAI?
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181760-xss (148614)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/A:N/I:L/S:C/C:L/AV:N/PR:L/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181760-xss (148614)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148614"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2018-1760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148614."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181760-xss (148614)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148614"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1760",
"datePublished": "2019-06-27T13:45:29.501504Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T19:00:32.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1758 (GCVE-0-2018-1758)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-17 00:11
VLAI?
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181758-xss (148605)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/A:N/I:L/S:C/C:L/AV:N/PR:L/UI:R/RL:O/E:H/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181758-xss (148605)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2018-1758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rqm-cve20181758-xss (148605)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1758",
"datePublished": "2019-06-27T13:45:29.457874Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T00:11:06.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1734 (GCVE-0-2018-1734)
Vulnerability from nvd – Published: 2019-06-27 13:45 – Updated: 2024-09-16 23:36
VLAI?
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rhapsody-cve20181734-info-disc (147838)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147838"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/PR:L/AV:N/C:L/I:N/S:U/A:N/AC:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rhapsody-cve20181734-info-disc (147838)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147838"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2018-1734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a malicious user to orchestrate further attacks. IBM X-Force ID: 147838."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rhapsody-cve20181734-info-disc (147838)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147838"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1734",
"datePublished": "2019-06-27T13:45:29.388873Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T23:36:31.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29844 (GCVE-0-2021-29844)
Vulnerability from cvelistv5 – Published: 2021-10-27 16:00 – Updated: 2024-09-16 17:59
VLAI?
Summary
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Workflow Management |
Affected:
7.0
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:03.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:L/C:L/S:U/PR:L/AV:N/A:N/UI:N/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T16:00:31",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-25T00:00:00",
"ID": "CVE-2021-29844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6508583",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"name": "ibm-engineering-cve202129844-ssrf (205205)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29844",
"datePublished": "2021-10-27T16:00:31.302142Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T17:59:19.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4733 (GCVE-0-2020-4733)
Vulnerability from cvelistv5 – Published: 2021-01-08 20:40 – Updated: 2024-09-17 00:25
VLAI?
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0.2
Affected: 6.0.6 Affected: 6.0.6.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204733-xss (188127)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Rhapsody Model Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.0.2"
}
]
},
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/A:N/S:C/AC:L/UI:R/C:L/I:L/AV:N/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T20:40:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204733-xss (188127)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Model Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "6.0.2"
}
]
}
},
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398742",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204733-xss (188127)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188127"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4733",
"datePublished": "2021-01-08T20:40:25.291517Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T00:25:50.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4697 (GCVE-0-2020-4697)
Vulnerability from cvelistv5 – Published: 2021-01-08 20:40 – Updated: 2024-09-17 03:34
VLAI?
Summary
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Rational Team Concert |
Affected:
6.0.2
Affected: 6.0.6 Affected: 6.0.6.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:57.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204697-xss (186790)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Rhapsody Model Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.0.2"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/I:L/C:L/AC:L/UI:R/A:N/S:C/PR:L/RC:C/E:H/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T20:40:24",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204697-xss (186790)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Model Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "6.0.2"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398742",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204697-xss (186790)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186790"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4697",
"datePublished": "2021-01-08T20:40:24.603243Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T03:34:13.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4691 (GCVE-0-2020-4691)
Vulnerability from cvelistv5 – Published: 2021-01-08 20:40 – Updated: 2024-09-17 01:26
VLAI?
Summary
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Rational Rhapsody Design Manager |
Affected:
6.0.2
Affected: 6.0.6 Affected: 6.0.6.1 Affected: 7.0 Affected: 7.0.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:57.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204691-xss (186698)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Rhapsody Model Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.0.2"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/I:L/C:L/AC:L/UI:R/A:N/S:U/PR:L/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T20:40:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204691-xss (186698)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Model Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "6.0.2"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398742",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204691-xss (186698)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4691",
"datePublished": "2021-01-08T20:40:23.887295Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T01:26:13.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4544 (GCVE-0-2020-4544)
Vulnerability from cvelistv5 – Published: 2021-01-08 20:40 – Updated: 2024-09-17 00:41
VLAI?
Summary
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Workflow Management |
Affected:
7.0
Affected: 7.0.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204544-info-disc (183189)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Rational Rhapsody Model Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.0.2"
}
]
},
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
}
],
"datePublic": "2021-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/S:U/PR:L/AV:N/I:N/AC:L/UI:N/C:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T20:40:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204544-info-disc (183189)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Model Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "6.0.2"
}
]
}
},
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398742",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204544-info-disc (183189)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183189"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4544",
"datePublished": "2021-01-08T20:40:23.147853Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T00:41:58.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4487 (GCVE-0-2020-4487)
Vulnerability from cvelistv5 – Published: 2021-01-08 20:40 – Updated: 2024-09-16 18:50
VLAI?
Summary
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Engineering Lifecycle Optimization |
Affected:
7.0
Affected: 7.0.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204487-info-disc (181862)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Engineering Lifecycle Optimization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational DOORS Next Generation",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Rhapsody Model Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.0.2"
}
]
},
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Team Concert",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Workflow Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
},
{
"product": "Engineering Test Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"product": "Rational Engineering Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
},
{
"product": "Rational Quality Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2021-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/A:N/S:U/C:L/AC:L/UI:N/AV:N/I:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T20:40:22",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204487-info-disc (181862)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-07T00:00:00",
"ID": "CVE-2020-4487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Rhapsody Model Manager",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "6.0.2"
}
]
}
},
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Workflow Management",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Test Management",
"version": {
"version_data": [
{
"version_value": "7.0.0"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398742",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398742 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6398742"
},
{
"name": "ibm-jazz-cve20204487-info-disc (181862)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181862"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4487",
"datePublished": "2021-01-08T20:40:22.413554Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:50:20.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4525 (GCVE-0-2020-4525)
Vulnerability from cvelistv5 – Published: 2020-08-04 16:00 – Updated: 2024-09-17 02:51
VLAI?
Summary
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Rhapsody Design Manager |
Affected:
6.0.2
Affected: 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-ewm-cve20204525-xss (182435)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182435"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "7.0"
}
]
}
],
"datePublic": "2020-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/I:L/A:N/S:C/PR:L/C:L/AC:L/AV:N/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T16:00:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-ewm-cve20204525-xss (182435)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182435"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-08-03T00:00:00",
"ID": "CVE-2020-4525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182435."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6255694",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6255694 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-ewm-cve20204525-xss (182435)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182435"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4525",
"datePublished": "2020-08-04T16:00:26.440002Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T02:51:30.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4410 (GCVE-0-2020-4410)
Vulnerability from cvelistv5 – Published: 2020-08-04 16:00 – Updated: 2024-09-16 22:50
VLAI?
Summary
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Rhapsody Design Manager |
Affected:
6.0.2
Affected: 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:47.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-etm-cve20204410-info-disc (179539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Rhapsody Design Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "7.0"
}
]
}
],
"datePublic": "2020-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/UI:N/A:N/I:N/S:U/PR:L/C:L/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T16:00:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-etm-cve20204410-info-disc (179539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-08-03T00:00:00",
"ID": "CVE-2020-4410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Rhapsody Design Manager",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6255694",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6255694 (Rational Rhapsody Design Manager)",
"url": "https://www.ibm.com/support/pages/node/6255694"
},
{
"name": "ibm-etm-cve20204410-info-disc (179539)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4410",
"datePublished": "2020-08-04T16:00:25.516660Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T22:50:36.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4252 (GCVE-0-2019-4252)
Vulnerability from cvelistv5 – Published: 2019-06-27 13:45 – Updated: 2024-09-16 18:23
VLAI?
Summary
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Rational Collaborative Lifecycle Management |
Affected:
6.0
Affected: 6.0.1 Affected: 6.0.2 Affected: 6.0.3 Affected: 6.0.4 Affected: 6.0.5 Affected: 6.0.6 Affected: 6.0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rtc-cve20194252-info-disc (159883)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rational Collaborative Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/S:U/I:N/C:H/PR:L/AV:N/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:45:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rtc-cve20194252-info-disc (159883)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-25T00:00:00",
"ID": "CVE-2019-4252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10956525",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 0956525 (Rational Collaborative Lifecycle Management)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10956525"
},
{
"name": "ibm-rtc-cve20194252-info-disc (159883)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4252",
"datePublished": "2019-06-27T13:45:29.960679Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:23:47.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}