cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-4977,https://securityvulnerability.io/vulnerability/CVE-2020-4977,,IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192470.,IBM,"Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Test Management,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2020-4495,https://securityvulnerability.io/vulnerability/CVE-2020-4495,,"IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.",IBM,"Engineering Test Management,Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Rational Doors Next Generation",8.8,HIGH,0.002839999971911311,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2020-4732,https://securityvulnerability.io/vulnerability/CVE-2020-4732,,IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.,IBM,"Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization,Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Test Management",4.3,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2020-5030,https://securityvulnerability.io/vulnerability/CVE-2020-5030,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737.,IBM,"Rational Rhapsody Model Manager,Rational Quality Manager,Engineering Test Management,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2021-20338,https://securityvulnerability.io/vulnerability/CVE-2021-20338,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194449.,IBM,"Engineering Test Management,Rational Rhapsody Model Manager,Rational Quality Manager,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Rational Doors Next Generation",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2021-20343,https://securityvulnerability.io/vulnerability/CVE-2021-20343,,"IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593.",IBM,"Engineering Test Management,Rational Quality Manager,Rational Rhapsody Model Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2021-20345,https://securityvulnerability.io/vulnerability/CVE-2021-20345,,"IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.",IBM,"Rational Rhapsody Model Manager,Rational Quality Manager,Engineering Test Management,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2021-20346,https://securityvulnerability.io/vulnerability/CVE-2021-20346,,"IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.",IBM,"Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization,Rational Doors Next Generation,Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Test Management",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2021-20347,https://securityvulnerability.io/vulnerability/CVE-2021-20347,,"IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596.",IBM,"Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization,Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Test Management",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2021-20348,https://securityvulnerability.io/vulnerability/CVE-2021-20348,,"IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597.",IBM,"Rational Rhapsody Model Manager,Rational Quality Manager,Engineering Test Management,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2021-20371,https://securityvulnerability.io/vulnerability/CVE-2021-20371,,IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.,IBM,"Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization,Rational Doors Next Generation,Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Test Management",4.3,MEDIUM,0.0014400000218302011,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2021-29668,https://securityvulnerability.io/vulnerability/CVE-2021-29668,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199406.,IBM,"Engineering Test Management,Rational Quality Manager,Rational Rhapsody Model Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2021-29670,https://securityvulnerability.io/vulnerability/CVE-2021-29670,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199408.,IBM,"Engineering Test Management,Rational Rhapsody Model Manager,Rational Quality Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-06-02T21:15:00.000Z,0
CVE-2021-20519,https://securityvulnerability.io/vulnerability/CVE-2021-20519,,IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.,IBM,"Rational Quality Manager,Rational Team Concert,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Engineering Test Management,Rational Doors Next Generation,Engineering Lifecycle Optimization,Engineering Workflow Management,Rational Rhapsody Model Manager",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-04-12T18:15:00.000Z,0
CVE-2020-4920,https://securityvulnerability.io/vulnerability/CVE-2020-4920,,IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.,IBM,"Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Team Concert,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Engineering Test Management,Engineering Lifecycle Optimization,Engineering Workflow Management,Rational Rhapsody Model Manager",6.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-04-12T18:15:00.000Z,0
CVE-2020-4965,https://securityvulnerability.io/vulnerability/CVE-2020-4965,,IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.,IBM,"Rational Doors Next Generation,Engineering Test Management,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Team Concert,Rational Rhapsody Model Manager,Engineering Workflow Management,Engineering Lifecycle Optimization",5.9,MEDIUM,0.0010100000072270632,false,false,false,false,,false,false,2021-04-12T18:15:00.000Z,0
CVE-2020-4964,https://securityvulnerability.io/vulnerability/CVE-2020-4964,,IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.,IBM,"Rational Rhapsody Model Manager,Engineering Lifecycle Optimization,Engineering Workflow Management,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Engineering Test Management,Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Team Concert",4.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-04-12T18:15:00.000Z,0
CVE-2020-4524,https://securityvulnerability.io/vulnerability/CVE-2020-4524,,IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.,IBM,"Rational Collaborative Lifecycle Management,Rational Team Concert,Rational Quality Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Rhapsody Design Manager,Engineering Test Management,Rational Engineering Lifecycle Manager,Engineering Workflow Management,Rational Rhapsody Model Manager",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-01-27T17:15:00.000Z,0
CVE-2020-4547,https://securityvulnerability.io/vulnerability/CVE-2020-4547,,"IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.",IBM,"Engineering Workflow Management,Rational Engineering Lifecycle Manager,Rational Rhapsody Model Manager,Engineering Lifecycle Optimization,Engineering Test Management,Rational Rhapsody Design Manager,Rational Quality Manager,Rational Team Concert,Rational Collaborative Lifecycle Management,Rational Doors Next Generation",5.4,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2021-01-27T17:15:00.000Z,0
CVE-2020-4855,https://securityvulnerability.io/vulnerability/CVE-2020-4855,,IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.,IBM,"Rational Collaborative Lifecycle Management,Rational Team Concert,Rational Quality Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Rhapsody Design Manager,Engineering Test Management,Rational Engineering Lifecycle Manager,Engineering Workflow Management,Rational Rhapsody Model Manager",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-01-27T17:15:00.000Z,0
CVE-2020-4865,https://securityvulnerability.io/vulnerability/CVE-2020-4865,,IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.,IBM,"Engineering Lifecycle Optimization,Rational Rhapsody Design Manager,Engineering Test Management,Rational Collaborative Lifecycle Management,Rational Team Concert,Rational Quality Manager,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Engineering Workflow Management,Rational Rhapsody Model Manager",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-01-27T17:15:00.000Z,0
CVE-2021-20357,https://securityvulnerability.io/vulnerability/CVE-2021-20357,,IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.,IBM,"Rational Doors Next Generation,Rational Quality Manager,Rational Collaborative Lifecycle Management,Rational Team Concert,Engineering Test Management,Rational Rhapsody Design Manager,Engineering Lifecycle Optimization,Rational Rhapsody Model Manager,Engineering Workflow Management,Rational Engineering Lifecycle Manager",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-01-27T17:15:00.000Z,0
CVE-2020-4697,https://securityvulnerability.io/vulnerability/CVE-2020-4697,,IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.,IBM,"Rational Team Concert,Rational Rhapsody Design Manager,Rational Rhapsody Model Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Quality Manager,Engineering Test Management,Rational Engineering Lifecycle Manager,Engineering Workflow Management,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-01-08T21:15:00.000Z,0
CVE-2020-4544,https://securityvulnerability.io/vulnerability/CVE-2020-4544,,IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.,IBM,"Engineering Workflow Management,Rational Collaborative Lifecycle Management,Rational Quality Manager,Engineering Test Management,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Team Concert,Rational Rhapsody Model Manager,Rational Rhapsody Design Manager",4.3,MEDIUM,0.0007600000244565308,false,false,false,false,,false,false,2021-01-08T21:15:00.000Z,0
CVE-2020-4691,https://securityvulnerability.io/vulnerability/CVE-2020-4691,,IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186698.,IBM,"Rational Rhapsody Design Manager,Rational Rhapsody Model Manager,Rational Team Concert,Engineering Lifecycle Optimization,Rational Doors Next Generation,Engineering Test Management,Rational Engineering Lifecycle Manager,Rational Quality Manager,Engineering Workflow Management,Rational Collaborative Lifecycle Management",4.6,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-01-08T21:15:00.000Z,0