Search

Find a vulnerability

Search criteria

    28 vulnerabilities found for rhapsody_design_manager by ibm

    CVE-2021-20357 (GCVE-0-2021-20357)

    Vulnerability from nvd – Published: 2021-01-27 16:15 – Updated: 2024-09-16 22:41
    VLAI
    Summary
    IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Date Public
    2021-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:37:24.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6408694"
              },
              {
                "name": "ibm-gcm-cve202120357-xss (194963)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Collaborative Lifecycle Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Engineering Test Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Engineering Lifecycle Optimization",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Model Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            },
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                }
              ]
            },
            {
              "product": "Rational Engineering Lifecycle Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/PR:L/C:L/AV:N/AC:L/S:C/A:N/UI:R/I:L/RL:O/RC:C/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T16:15:28.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-gcm-cve202120357-xss (194963)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-26T00:00:00",
              "ID": "CVE-2021-20357",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Collaborative Lifecycle Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Test Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Lifecycle Optimization",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Model Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "6.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "7.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Engineering Lifecycle Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6408694",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
                  "url": "https://www.ibm.com/support/pages/node/6408694"
                },
                {
                  "name": "ibm-gcm-cve202120357-xss (194963)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-20357",
        "datePublished": "2021-01-27T16:15:28.467Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:41:31.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4865 (GCVE-0-2020-4865)

    Vulnerability from nvd – Published: 2021-01-27 16:15 – Updated: 2024-09-16 20:21
    VLAI
    Summary
    IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Date Public
    2021-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:59.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6408694"
              },
              {
                "name": "ibm-engineering-cve20204865-xss (190741)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Engineering Lifecycle Optimization",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Engineering Test Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            },
            {
              "product": "Rational Collaborative Lifecycle Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Engineering Lifecycle Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Model Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/PR:L/C:L/I:L/AC:L/S:C/UI:R/A:N/RL:O/RC:C/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T16:15:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-engineering-cve20204865-xss (190741)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-26T00:00:00",
              "ID": "CVE-2020-4865",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Engineering Lifecycle Optimization",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Test Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Collaborative Lifecycle Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Engineering Lifecycle Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "7.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Model Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6408694",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
                  "url": "https://www.ibm.com/support/pages/node/6408694"
                },
                {
                  "name": "ibm-engineering-cve20204865-xss (190741)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4865",
        "datePublished": "2021-01-27T16:15:27.819Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:21:28.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4855 (GCVE-0-2020-4855)

    Vulnerability from nvd – Published: 2021-01-27 16:15 – Updated: 2024-09-17 01:46
    VLAI
    Summary
    IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Date Public
    2021-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:59.117Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6408694"
              },
              {
                "name": "ibm-engineering-cve20204855-xss (190457)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational Collaborative Lifecycle Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Lifecycle Optimization",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Engineering Test Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            },
            {
              "product": "Rational Engineering Lifecycle Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Model Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AC:L/A:N/UI:R/S:C/I:L/PR:L/C:L/AV:N/RC:C/RL:O/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T16:15:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-engineering-cve20204855-xss (190457)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-26T00:00:00",
              "ID": "CVE-2020-4855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational Collaborative Lifecycle Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Lifecycle Optimization",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Test Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Engineering Lifecycle Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "7.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Model Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6408694",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
                  "url": "https://www.ibm.com/support/pages/node/6408694"
                },
                {
                  "name": "ibm-engineering-cve20204855-xss (190457)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4855",
        "datePublished": "2021-01-27T16:15:27.177Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:46:27.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4547 (GCVE-0-2020-4547)

    Vulnerability from nvd – Published: 2021-01-27 16:15 – Updated: 2024-09-17 03:18
    VLAI
    Summary
    IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Date Public
    2021-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:07:48.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6408694"
              },
              {
                "name": "ibm-jazz-cve20204547-clickjacking (183315)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                }
              ]
            },
            {
              "product": "Rational Engineering Lifecycle Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Model Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            },
            {
              "product": "Engineering Lifecycle Optimization",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Test Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Collaborative Lifecycle Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 4.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/S:C/A:N/UI:R/AC:L/I:L/C:L/PR:L/AV:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T16:15:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-jazz-cve20204547-clickjacking (183315)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-26T00:00:00",
              "ID": "CVE-2020-4547",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "7.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Engineering Lifecycle Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Model Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "6.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Lifecycle Optimization",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Test Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Collaborative Lifecycle Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6408694",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
                  "url": "https://www.ibm.com/support/pages/node/6408694"
                },
                {
                  "name": "ibm-jazz-cve20204547-clickjacking (183315)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4547",
        "datePublished": "2021-01-27T16:15:26.519Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:18:48.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4524 (GCVE-0-2020-4524)

    Vulnerability from nvd – Published: 2021-01-27 16:15 – Updated: 2024-09-16 19:09
    VLAI
    Summary
    IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Date Public
    2021-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:07:49.025Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6408694"
              },
              {
                "name": "ibm-jazz-cve20204524-xss (182434)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational Collaborative Lifecycle Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Lifecycle Optimization",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Engineering Test Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            },
            {
              "product": "Rational Engineering Lifecycle Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Model Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/PR:L/C:L/AV:N/AC:L/A:N/UI:R/S:C/I:L/E:H/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T16:15:25.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-jazz-cve20204524-xss (182434)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-26T00:00:00",
              "ID": "CVE-2020-4524",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational Collaborative Lifecycle Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Lifecycle Optimization",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Test Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Engineering Lifecycle Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "7.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Model Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6408694",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
                  "url": "https://www.ibm.com/support/pages/node/6408694"
                },
                {
                  "name": "ibm-jazz-cve20204524-xss (182434)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4524",
        "datePublished": "2021-01-27T16:15:25.871Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:09:56.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4748 (GCVE-0-2019-4748)

    Vulnerability from nvd – Published: 2020-07-16 15:05 – Updated: 2024-09-17 00:40
    VLAI
    Summary
    IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Rational DOORS Next Generation Affected: 6.0.2
    Affected: 6.0.6
    Affected: 6.0.6.1
    Affected: 7.0
    Create a notification for this product.
    IBM Engineering Workflow Management Affected: 7.0
    Create a notification for this product.
    IBM Rational Quality Manager Affected: 6.0.2
    Affected: 6.0.6
    Affected: 6.0.6.1
    Create a notification for this product.
    IBM Rational Rhapsody Design Manager Affected: 6.0.2
    Affected: 6.0.6
    Affected: 6.0.6.1
    Create a notification for this product.
    IBM Rational Team Concert Affected: 6.0.2
    Affected: 6.0.6
    Affected: 6.0.6.1
    Affected: 7.0
    Create a notification for this product.
    Date Public
    2020-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:40:48.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6249133"
              },
              {
                "name": "ibm-jazz-cve20194748-xss (173174)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            }
          ],
          "datePublic": "2020-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/PR:L/UI:R/C:L/I:L/AC:L/S:C/A:N/E:H/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-16T15:05:34.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6249133"
            },
            {
              "name": "ibm-jazz-cve20194748-xss (173174)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-15T00:00:00",
              "ID": "CVE-2019-4748",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6249133",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6249133 (Rational Collaborative Lifecycle Management)",
                  "url": "https://www.ibm.com/support/pages/node/6249133"
                },
                {
                  "name": "ibm-jazz-cve20194748-xss (173174)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4748",
        "datePublished": "2020-07-16T15:05:34.858Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:48.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1287 (GCVE-0-2017-1287)

    Vulnerability from nvd – Published: 2017-07-24 21:00 – Updated: 2024-09-16 17:17
    VLAI
    Summary
    IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Rational Rhapsody Design Manager Affected: 5.0.2
    Create a notification for this product.
    IBM Rational Rhapsody Design Manager Affected: 5.0
    Affected: 5.0.1
    Affected: 6.0
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.0.3
    Create a notification for this product.
    Date Public
    2017-07-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:28.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-24T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-20T00:00:00",
              "ID": "CVE-2017-1287",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.0.1"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "6.0.1"
                              },
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22006052",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1287",
        "datePublished": "2017-07-24T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:17:35.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1249 (GCVE-0-2017-1249)

    Vulnerability from nvd – Published: 2017-07-24 21:00 – Updated: 2024-09-17 01:01
    VLAI
    Summary
    IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Rational Rhapsody Design Manager Affected: 5.0.2
    Create a notification for this product.
    IBM Rational Rhapsody Design Manager Affected: 5.0
    Affected: 5.0.1
    Affected: 6.0
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.0.3
    Create a notification for this product.
    Date Public
    2017-07-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:25:17.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-24T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-20T00:00:00",
              "ID": "CVE-2017-1249",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.0.1"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "6.0.1"
                              },
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22006052",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1249",
        "datePublished": "2017-07-24T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:01:34.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8975 (GCVE-0-2016-8975)

    Vulnerability from nvd – Published: 2017-07-24 21:00 – Updated: 2024-09-16 16:54
    VLAI
    Summary
    IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Rational Rhapsody Design Manager Affected: 5.0.2
    Create a notification for this product.
    IBM Rational Rhapsody Design Manager Affected: 5.0
    Affected: 5.0.1
    Affected: 6.0
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.0.3
    Create a notification for this product.
    Date Public
    2017-07-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100124",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100124"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-05T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "100124",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100124"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-20T00:00:00",
              "ID": "CVE-2016-8975",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.0.1"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "6.0.1"
                              },
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100124",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100124"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22006052",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8975",
        "datePublished": "2017-07-24T21:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:54:11.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0112 (GCVE-0-2015-0112)

    Vulnerability from nvd – Published: 2015-06-07 18:00 – Updated: 2024-08-06 03:55
    VLAI
    Summary
    Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2015-05-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:55:28.126Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-05-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-06-07T18:57:00.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2015-0112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2015-0112",
        "datePublished": "2015-06-07T18:00:00.000Z",
        "dateReserved": "2014-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:55:28.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0948 (GCVE-0-2014-0948)

    Vulnerability from nvd – Published: 2014-07-30 10:00 – Updated: 2024-08-06 09:34
    VLAI
    Summary
    Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2014-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:34:40.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
              },
              {
                "name": "ibm-rsadm-cve20140948-zip(92621)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
            },
            {
              "name": "ibm-rsadm-cve20140948-zip(92621)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2014-0948",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
                },
                {
                  "name": "ibm-rsadm-cve20140948-zip(92621)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2014-0948",
        "datePublished": "2014-07-30T10:00:00.000Z",
        "dateReserved": "2014-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:34:40.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5459 (GCVE-0-2013-5459)

    Vulnerability from nvd – Published: 2014-04-21 22:00 – Updated: 2024-08-06 17:15
    VLAI
    Summary
    Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2014-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:15:20.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531"
              },
              {
                "name": "ibm-rsa-cve20135459-integrity(84773)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84773"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531"
            },
            {
              "name": "ibm-rsa-cve20135459-integrity(84773)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84773"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2013-5459",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531"
                },
                {
                  "name": "ibm-rsa-cve20135459-integrity(84773)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84773"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2013-5459",
        "datePublished": "2014-04-21T22:00:00.000Z",
        "dateReserved": "2013-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:15:20.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3043 (GCVE-0-2013-3043)

    Vulnerability from nvd – Published: 2013-12-14 22:00 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2013-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "rhapsody-dm-cve20133043-client-dir-trav(84769)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "rhapsody-dm-cve20133043-client-dir-trav(84769)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2013-3043",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "rhapsody-dm-cve20133043-client-dir-trav(84769)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2013-3043",
        "datePublished": "2013-12-14T22:00:00.000Z",
        "dateReserved": "2013-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3042 (GCVE-0-2013-3042)

    Vulnerability from nvd – Published: 2013-12-14 22:00 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2013-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.856Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "rhapsody-dm-cve20133042-server-dir-trav(84768)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "rhapsody-dm-cve20133042-server-dir-trav(84768)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2013-3042",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "rhapsody-dm-cve20133042-server-dir-trav(84768)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2013-3042",
        "datePublished": "2013-12-14T22:00:00.000Z",
        "dateReserved": "2013-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20357 (GCVE-0-2021-20357)

    Vulnerability from cvelistv5 – Published: 2021-01-27 16:15 – Updated: 2024-09-16 22:41
    VLAI
    Summary
    IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Date Public
    2021-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:37:24.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6408694"
              },
              {
                "name": "ibm-gcm-cve202120357-xss (194963)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Collaborative Lifecycle Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Engineering Test Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Engineering Lifecycle Optimization",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Model Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            },
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                }
              ]
            },
            {
              "product": "Rational Engineering Lifecycle Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/PR:L/C:L/AV:N/AC:L/S:C/A:N/UI:R/I:L/RL:O/RC:C/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T16:15:28.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-gcm-cve202120357-xss (194963)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-26T00:00:00",
              "ID": "CVE-2021-20357",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Collaborative Lifecycle Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Test Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Lifecycle Optimization",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Model Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "6.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "7.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Engineering Lifecycle Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6408694",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
                  "url": "https://www.ibm.com/support/pages/node/6408694"
                },
                {
                  "name": "ibm-gcm-cve202120357-xss (194963)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194963"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-20357",
        "datePublished": "2021-01-27T16:15:28.467Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:41:31.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4865 (GCVE-0-2020-4865)

    Vulnerability from cvelistv5 – Published: 2021-01-27 16:15 – Updated: 2024-09-16 20:21
    VLAI
    Summary
    IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Date Public
    2021-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:59.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6408694"
              },
              {
                "name": "ibm-engineering-cve20204865-xss (190741)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Engineering Lifecycle Optimization",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Engineering Test Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            },
            {
              "product": "Rational Collaborative Lifecycle Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Engineering Lifecycle Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Model Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/PR:L/C:L/I:L/AC:L/S:C/UI:R/A:N/RL:O/RC:C/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T16:15:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-engineering-cve20204865-xss (190741)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-26T00:00:00",
              "ID": "CVE-2020-4865",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Engineering Lifecycle Optimization",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Test Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Collaborative Lifecycle Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Engineering Lifecycle Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "7.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Model Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6408694",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
                  "url": "https://www.ibm.com/support/pages/node/6408694"
                },
                {
                  "name": "ibm-engineering-cve20204865-xss (190741)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190741"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4865",
        "datePublished": "2021-01-27T16:15:27.819Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:21:28.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4855 (GCVE-0-2020-4855)

    Vulnerability from cvelistv5 – Published: 2021-01-27 16:15 – Updated: 2024-09-17 01:46
    VLAI
    Summary
    IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Date Public
    2021-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:59.117Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6408694"
              },
              {
                "name": "ibm-engineering-cve20204855-xss (190457)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational Collaborative Lifecycle Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Lifecycle Optimization",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Engineering Test Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            },
            {
              "product": "Rational Engineering Lifecycle Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Model Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AC:L/A:N/UI:R/S:C/I:L/PR:L/C:L/AV:N/RC:C/RL:O/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T16:15:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-engineering-cve20204855-xss (190457)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-26T00:00:00",
              "ID": "CVE-2020-4855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational Collaborative Lifecycle Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Lifecycle Optimization",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Test Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Engineering Lifecycle Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "7.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Model Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6408694",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
                  "url": "https://www.ibm.com/support/pages/node/6408694"
                },
                {
                  "name": "ibm-engineering-cve20204855-xss (190457)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190457"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4855",
        "datePublished": "2021-01-27T16:15:27.177Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:46:27.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4547 (GCVE-0-2020-4547)

    Vulnerability from cvelistv5 – Published: 2021-01-27 16:15 – Updated: 2024-09-17 03:18
    VLAI
    Summary
    IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Date Public
    2021-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:07:48.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6408694"
              },
              {
                "name": "ibm-jazz-cve20204547-clickjacking (183315)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                }
              ]
            },
            {
              "product": "Rational Engineering Lifecycle Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Model Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            },
            {
              "product": "Engineering Lifecycle Optimization",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Test Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Collaborative Lifecycle Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 4.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/S:C/A:N/UI:R/AC:L/I:L/C:L/PR:L/AV:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T16:15:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-jazz-cve20204547-clickjacking (183315)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-26T00:00:00",
              "ID": "CVE-2020-4547",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "7.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Engineering Lifecycle Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Model Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "6.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Lifecycle Optimization",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Test Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Collaborative Lifecycle Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6408694",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
                  "url": "https://www.ibm.com/support/pages/node/6408694"
                },
                {
                  "name": "ibm-jazz-cve20204547-clickjacking (183315)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183315"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4547",
        "datePublished": "2021-01-27T16:15:26.519Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:18:48.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4524 (GCVE-0-2020-4524)

    Vulnerability from cvelistv5 – Published: 2021-01-27 16:15 – Updated: 2024-09-16 19:09
    VLAI
    Summary
    IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Date Public
    2021-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:07:49.025Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6408694"
              },
              {
                "name": "ibm-jazz-cve20204524-xss (182434)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational Collaborative Lifecycle Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Lifecycle Optimization",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Engineering Test Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            },
            {
              "product": "Rational Engineering Lifecycle Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Model Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            }
          ],
          "datePublic": "2021-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/PR:L/C:L/AV:N/AC:L/A:N/UI:R/S:C/I:L/E:H/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-27T16:15:25.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6408694"
            },
            {
              "name": "ibm-jazz-cve20204524-xss (182434)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-26T00:00:00",
              "ID": "CVE-2020-4524",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational Collaborative Lifecycle Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Lifecycle Optimization",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Test Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Engineering Lifecycle Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "7.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Model Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              },
                              {
                                "version_value": "6.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6408694",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6408694 (Rational DOORS Next Generation)",
                  "url": "https://www.ibm.com/support/pages/node/6408694"
                },
                {
                  "name": "ibm-jazz-cve20204524-xss (182434)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182434"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4524",
        "datePublished": "2021-01-27T16:15:25.871Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:09:56.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4748 (GCVE-0-2019-4748)

    Vulnerability from cvelistv5 – Published: 2020-07-16 15:05 – Updated: 2024-09-17 00:40
    VLAI
    Summary
    IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Rational DOORS Next Generation Affected: 6.0.2
    Affected: 6.0.6
    Affected: 6.0.6.1
    Affected: 7.0
    Create a notification for this product.
    IBM Engineering Workflow Management Affected: 7.0
    Create a notification for this product.
    IBM Rational Quality Manager Affected: 6.0.2
    Affected: 6.0.6
    Affected: 6.0.6.1
    Create a notification for this product.
    IBM Rational Rhapsody Design Manager Affected: 6.0.2
    Affected: 6.0.6
    Affected: 6.0.6.1
    Create a notification for this product.
    IBM Rational Team Concert Affected: 6.0.2
    Affected: 6.0.6
    Affected: 6.0.6.1
    Affected: 7.0
    Create a notification for this product.
    Date Public
    2020-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:40:48.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6249133"
              },
              {
                "name": "ibm-jazz-cve20194748-xss (173174)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational DOORS Next Generation",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Engineering Workflow Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            },
            {
              "product": "Rational Quality Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                }
              ]
            },
            {
              "product": "Rational Team Concert",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.6"
                },
                {
                  "status": "affected",
                  "version": "6.0.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.0"
                }
              ]
            }
          ],
          "datePublic": "2020-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/PR:L/UI:R/C:L/I:L/AC:L/S:C/A:N/E:H/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-16T15:05:34.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6249133"
            },
            {
              "name": "ibm-jazz-cve20194748-xss (173174)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-07-15T00:00:00",
              "ID": "CVE-2019-4748",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational DOORS Next Generation",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Engineering Workflow Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Quality Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Team Concert",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.6"
                              },
                              {
                                "version_value": "6.0.6.1"
                              },
                              {
                                "version_value": "7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6249133",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6249133 (Rational Collaborative Lifecycle Management)",
                  "url": "https://www.ibm.com/support/pages/node/6249133"
                },
                {
                  "name": "ibm-jazz-cve20194748-xss (173174)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173174"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4748",
        "datePublished": "2020-07-16T15:05:34.858Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:48.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8975 (GCVE-0-2016-8975)

    Vulnerability from cvelistv5 – Published: 2017-07-24 21:00 – Updated: 2024-09-16 16:54
    VLAI
    Summary
    IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Rational Rhapsody Design Manager Affected: 5.0.2
    Create a notification for this product.
    IBM Rational Rhapsody Design Manager Affected: 5.0
    Affected: 5.0.1
    Affected: 6.0
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.0.3
    Create a notification for this product.
    Date Public
    2017-07-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100124",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100124"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-05T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "100124",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100124"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-20T00:00:00",
              "ID": "CVE-2016-8975",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.0.1"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "6.0.1"
                              },
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100124",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100124"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118912"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22006052",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8975",
        "datePublished": "2017-07-24T21:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:54:11.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1287 (GCVE-0-2017-1287)

    Vulnerability from cvelistv5 – Published: 2017-07-24 21:00 – Updated: 2024-09-16 17:17
    VLAI
    Summary
    IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Rational Rhapsody Design Manager Affected: 5.0.2
    Create a notification for this product.
    IBM Rational Rhapsody Design Manager Affected: 5.0
    Affected: 5.0.1
    Affected: 6.0
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.0.3
    Create a notification for this product.
    Date Public
    2017-07-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:28.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-24T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-20T00:00:00",
              "ID": "CVE-2017-1287",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.0.1"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "6.0.1"
                              },
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125148"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22006052",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1287",
        "datePublished": "2017-07-24T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:17:35.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1249 (GCVE-0-2017-1249)

    Vulnerability from cvelistv5 – Published: 2017-07-24 21:00 – Updated: 2024-09-17 01:01
    VLAI
    Summary
    IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Rational Rhapsody Design Manager Affected: 5.0.2
    Create a notification for this product.
    IBM Rational Rhapsody Design Manager Affected: 5.0
    Affected: 5.0.1
    Affected: 6.0
    Affected: 6.0.1
    Affected: 6.0.2
    Affected: 6.0.3
    Create a notification for this product.
    Date Public
    2017-07-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:25:17.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.2"
                }
              ]
            },
            {
              "product": "Rational Rhapsody Design Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "6.0.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-24T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-20T00:00:00",
              "ID": "CVE-2017-1249",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Rational Rhapsody Design Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.0.1"
                              },
                              {
                                "version_value": "6.0"
                              },
                              {
                                "version_value": "6.0.1"
                              },
                              {
                                "version_value": "6.0.2"
                              },
                              {
                                "version_value": "6.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22006052",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22006052"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124629"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1249",
        "datePublished": "2017-07-24T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:01:34.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0112 (GCVE-0-2015-0112)

    Vulnerability from cvelistv5 – Published: 2015-06-07 18:00 – Updated: 2024-08-06 03:55
    VLAI
    Summary
    Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2015-05-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:55:28.126Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-05-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-06-07T18:57:00.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2015-0112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957763"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2015-0112",
        "datePublished": "2015-06-07T18:00:00.000Z",
        "dateReserved": "2014-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:55:28.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0948 (GCVE-0-2014-0948)

    Vulnerability from cvelistv5 – Published: 2014-07-30 10:00 – Updated: 2024-08-06 09:34
    VLAI
    Summary
    Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2014-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:34:40.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
              },
              {
                "name": "ibm-rsadm-cve20140948-zip(92621)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
            },
            {
              "name": "ibm-rsadm-cve20140948-zip(92621)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2014-0948",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
                },
                {
                  "name": "ibm-rsadm-cve20140948-zip(92621)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2014-0948",
        "datePublished": "2014-07-30T10:00:00.000Z",
        "dateReserved": "2014-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:34:40.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5459 (GCVE-0-2013-5459)

    Vulnerability from cvelistv5 – Published: 2014-04-21 22:00 – Updated: 2024-08-06 17:15
    VLAI
    Summary
    Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2014-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:15:20.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531"
              },
              {
                "name": "ibm-rsa-cve20135459-integrity(84773)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84773"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531"
            },
            {
              "name": "ibm-rsa-cve20135459-integrity(84773)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84773"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2013-5459",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664531"
                },
                {
                  "name": "ibm-rsa-cve20135459-integrity(84773)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84773"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2013-5459",
        "datePublished": "2014-04-21T22:00:00.000Z",
        "dateReserved": "2013-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:15:20.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3042 (GCVE-0-2013-3042)

    Vulnerability from cvelistv5 – Published: 2013-12-14 22:00 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2013-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.856Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "rhapsody-dm-cve20133042-server-dir-trav(84768)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "rhapsody-dm-cve20133042-server-dir-trav(84768)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2013-3042",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "rhapsody-dm-cve20133042-server-dir-trav(84768)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84768"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2013-3042",
        "datePublished": "2013-12-14T22:00:00.000Z",
        "dateReserved": "2013-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3043 (GCVE-0-2013-3043)

    Vulnerability from cvelistv5 – Published: 2013-12-14 22:00 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2013-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "rhapsody-dm-cve20133043-client-dir-trav(84769)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "rhapsody-dm-cve20133043-client-dir-trav(84769)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2013-3043",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "rhapsody-dm-cve20133043-client-dir-trav(84769)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84769"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655724"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2013-3043",
        "datePublished": "2013-12-14T22:00:00.000Z",
        "dateReserved": "2013-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }