cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2018-1529,https://securityvulnerability.io/vulnerability/CVE-2018-1529,,"IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142291.",IBM,Rational Requirements Composer,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2018-07-19T14:00:00.000Z,0
CVE-2015-0112,https://securityvulnerability.io/vulnerability/CVE-2015-0112,,"Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",IBM,Rational Requirements Composer,,,0.0011500000255182385,false,false,false,false,,false,false,2015-06-07T18:00:00.000Z,0
CVE-2015-0121,https://securityvulnerability.io/vulnerability/CVE-2015-0121,,"IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation.",IBM,Rational Requirements Composer,,,0.0020200000144541264,false,false,false,false,,false,false,2015-05-30T19:00:00.000Z,0
CVE-2015-0125,https://securityvulnerability.io/vulnerability/CVE-2015-0125,,Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.,IBM,Rational Requirements Composer,,,0.0006300000241026282,false,false,false,false,,false,false,2015-03-18T10:00:00.000Z,0
CVE-2015-0132,https://securityvulnerability.io/vulnerability/CVE-2015-0132,,"The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.",IBM,Rational Requirements Composer,,,0.00279999990016222,false,false,false,false,,false,false,2015-03-18T10:00:00.000Z,0
CVE-2014-3092,https://securityvulnerability.io/vulnerability/CVE-2014-3092,,"IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.",IBM,"Rational Engineering Lifecycle Manager,Rational Requirements Composer,Rational Software Architect Design Manager,Rational Quality Manager,Rational Team Concert,Rational Rhapsody Design Manager,Rational Doors Next Generation",,,0.001769999973475933,false,false,false,false,,false,false,2014-09-12T01:00:00.000Z,0
CVE-2014-0845,https://securityvulnerability.io/vulnerability/CVE-2014-0845,,"Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.",IBM,Rational Requirements Composer,,,0.0009500000160187483,false,false,false,false,,false,false,2014-03-04T22:00:00.000Z,0
CVE-2014-0844,https://securityvulnerability.io/vulnerability/CVE-2014-0844,,"Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors.",IBM,Rational Requirements Composer,,,0.0007900000200606883,false,false,false,false,,false,false,2014-03-04T22:00:00.000Z,0
CVE-2013-5404,https://securityvulnerability.io/vulnerability/CVE-2013-5404,,"Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element.",IBM,"Rational Requirements Composer,Rational Quality Manager,Rational Team Concert",,,0.0006200000061653554,false,false,false,false,,false,false,2013-12-10T19:00:00.000Z,0
CVE-2013-3038,https://securityvulnerability.io/vulnerability/CVE-2013-3038,,Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors.,IBM,Rational Requirements Composer,,,0.001930000027641654,false,false,false,false,,false,false,2013-09-12T01:00:00.000Z,0
CVE-2013-3037,https://securityvulnerability.io/vulnerability/CVE-2013-3037,,Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors.,IBM,Rational Requirements Composer,,,0.0004199999966658652,false,false,false,false,,false,false,2013-09-12T01:00:00.000Z,0
CVE-2013-3039,https://securityvulnerability.io/vulnerability/CVE-2013-3039,,"IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors.",IBM,Rational Requirements Composer,,,0.0007699999841861427,false,false,false,false,,false,false,2013-09-12T01:00:00.000Z,0
CVE-2013-3036,https://securityvulnerability.io/vulnerability/CVE-2013-3036,,Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.,IBM,Rational Requirements Composer,,,0.0006600000197067857,false,false,false,false,,false,false,2013-09-12T01:00:00.000Z,0