cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-52893,https://securityvulnerability.io/vulnerability/CVE-2024-52893,Information Disclosure Vulnerability in IBM Concert Software,IBM Concert Software versions 1.0.0 through 1.0.3 may inadvertently expose sensitive information through detailed technical error messages. This information can be leveraged by remote attackers for further exploits against the system's security. It is crucial for administrators to implement proper error handling and apply available patches to mitigate the risks associated with this vulnerability.,IBM,Concert Software,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,false,false,false,2025-01-07T12:00:41.835Z,0
CVE-2024-52366,https://securityvulnerability.io/vulnerability/CVE-2024-52366,Information Disclosure Vulnerability in IBM Concert Software,"IBM Concert Software versions 1.0.0 through 1.0.3 are susceptible to an information disclosure vulnerability due to improper implementation of HTTP Strict Transport Security (HSTS). This weakness allows remote attackers to engage in man-in-the-middle attacks, potentially enabling them to intercept and obtain sensitive information transmitted over the network. It is critical for users and organizations relying on this software to review and implement necessary security measures to mitigate these risks.",IBM,Concert Software,5.9,MEDIUM,0.0008699999889358878,false,false,false,false,false,false,false,2025-01-07T11:59:53.385Z,0
CVE-2024-52891,https://securityvulnerability.io/vulnerability/CVE-2024-52891,Information Injection Vulnerability in IBM Concert Software,"IBM Concert Software versions 1.0.0 through 1.0.3 have a security vulnerability that permits authenticated users to inject malicious payloads or gain unauthorized access to sensitive information through log files due to inadequate log neutralization. This flaw can compromise the integrity of log data and expose sensitive operations within the software, emphasizing the need for prompt remediation.",IBM,Concert Software,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,false,false,false,2025-01-07T11:58:13.671Z,0
CVE-2024-52367,https://securityvulnerability.io/vulnerability/CVE-2024-52367,Sensitive Information Disclosure in IBM Concert Software,"IBM Concert Software versions 1.0.0 through 1.0.3 are susceptible to a vulnerability that may allow unauthorized individuals to access sensitive system information. This exposure could be leveraged by malicious actors to conduct further attacks against the system, highlighting the need for users to apply the latest security updates to mitigate potential risks.",IBM,Concert Software,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,false,false,false,2025-01-07T11:55:11.030Z,0
CVE-2024-37070,https://securityvulnerability.io/vulnerability/CVE-2024-37070,Concert Software Vulnerabilities Could Lead to Sensitive Data Exposure,"IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.",IBM,Concert Software,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-11-19T19:24:02.919Z,0
CVE-2024-43189,https://securityvulnerability.io/vulnerability/CVE-2024-43189,IBM Concert Software Vulnerability Could Lead to Sensitive Information Theft,"IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.",IBM,Concert Software,5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-11-15T14:51:54.421Z,0
CVE-2024-41785,https://securityvulnerability.io/vulnerability/CVE-2024-41785,IBM Concert Software vulnerable to Cross-Site Scripting,IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,Concert Software,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-11-15T14:43:17.585Z,0
CVE-2018-1606,https://securityvulnerability.io/vulnerability/CVE-2018-1606,,"IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796.",IBM,"Rational Team Concert,Rational Software Architect Design Manager,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Rational Rhapsody Design Manager,Rational Quality Manager,Rational Engineering Lifecycle Manager",4.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-11-06T16:29:00.000Z,0
CVE-2018-1694,https://securityvulnerability.io/vulnerability/CVE-2018-1694,,"IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609.",IBM,"Rational Team Concert,Rational Software Architect Design Manager,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Rational Rhapsody Design Manager,Rational Quality Manager,Rational Engineering Lifecycle Manager",5.9,MEDIUM,0.0011500000255182385,false,false,false,false,,false,false,2018-11-06T16:29:00.000Z,0
CVE-2017-1753,https://securityvulnerability.io/vulnerability/CVE-2017-1753,,"Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.",IBM,"Rational Doors Next Generation,Rational Rhapsody Design Manager,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Rational Software Architect Design Manager,Rational Quality Manager,Rational Team Concert",5.4,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2018-08-20T21:29:00.000Z,0
CVE-2018-1394,https://securityvulnerability.io/vulnerability/CVE-2018-1394,,Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.,IBM,"Rational Doors Next Generation,Rational Rhapsody Design Manager,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Rational Software Architect Design Manager,Rational Quality Manager,Rational Team Concert",5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-08-20T21:29:00.000Z,0
CVE-2018-1423,https://securityvulnerability.io/vulnerability/CVE-2018-1423,,IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.,IBM,"Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Rational Rhapsody Design Manager,Rational Quality Manager,Rational Engineering Lifecycle Manager,Rational Software Architect Design Manager,Rational Team Concert",4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2018-07-10T16:29:00.000Z,0
CVE-2018-1492,https://securityvulnerability.io/vulnerability/CVE-2018-1492,,IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.,IBM,"Rational Engineering Lifecycle Manager,Rational Software Architect Design Manager,Rational Team Concert,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Rational Rhapsody Design Manager,Rational Quality Manager",4.3,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2018-07-10T16:29:00.000Z,0
CVE-2017-1559,https://securityvulnerability.io/vulnerability/CVE-2017-1559,,Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.,IBM,"Rational Rhapsody Design Manager,Rational Software Architect Design Manager,Rational Team Concert,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Quality Manager",3.1,LOW,0.0004900000058114529,false,false,false,false,,false,false,2018-07-06T14:29:00.000Z,0
CVE-2017-1488,https://securityvulnerability.io/vulnerability/CVE-2017-1488,,An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.,IBM,"Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Quality Manager,Rational Collaborative Lifecycle Management,Rational Software Architect Design Manager,Rational Team Concert,Rational Rhapsody Design Manager",3.7,LOW,0.0006900000153109431,false,false,false,false,,false,false,2018-07-06T14:29:00.000Z,0
CVE-2017-1509,https://securityvulnerability.io/vulnerability/CVE-2017-1509,,IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.,IBM,"Rational Rhapsody Design Manager,Rational Software Architect Design Manager,Rational Team Concert,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Quality Manager",4.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-07-06T14:29:00.000Z,0
CVE-2017-1237,https://securityvulnerability.io/vulnerability/CVE-2017-1237,,IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.,IBM,"Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Rhapsody Design Manager,Rational Software Architect Design Manager,Rational Team Concert",5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-06-28T00:00:00.000Z,0
CVE-2017-1700,https://securityvulnerability.io/vulnerability/CVE-2017-1700,,"IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.",IBM,"Rational Team Concert,Rational Engineering Lifecycle Manager,Rational Software Architect Design Manager,Rational Quality Manager,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Rational Rhapsody Design Manager",6.5,MEDIUM,0.000750000006519258,false,false,false,false,,false,false,2018-04-24T14:29:00.000Z,0
CVE-2017-1725,https://securityvulnerability.io/vulnerability/CVE-2017-1725,,"IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820.",IBM,"Rational Quality Manager,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Software Architect Design Manager,Rational Team Concert,Rational Rhapsody Design Manager",4.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-04-24T14:29:00.000Z,0
CVE-2017-1734,https://securityvulnerability.io/vulnerability/CVE-2017-1734,,"IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.",IBM,"Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Rhapsody Design Manager,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Rational Team Concert,Rational Software Architect Design Manager",4.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-04-18T00:00:00.000Z,0
CVE-2014-3092,https://securityvulnerability.io/vulnerability/CVE-2014-3092,,"IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.",IBM,"Rational Engineering Lifecycle Manager,Rational Requirements Composer,Rational Software Architect Design Manager,Rational Quality Manager,Rational Team Concert,Rational Rhapsody Design Manager,Rational Doors Next Generation",,,0.001769999973475933,false,false,false,false,,false,false,2014-09-12T01:00:00.000Z,0