cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2018-1694,https://securityvulnerability.io/vulnerability/CVE-2018-1694,,"IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609.",IBM,"Rational Team Concert,Rational Software Architect Design Manager,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Rational Rhapsody Design Manager,Rational Quality Manager,Rational Engineering Lifecycle Manager",5.9,MEDIUM,0.0011500000255182385,false,false,false,false,,false,false,2018-11-06T16:29:00.000Z,0
CVE-2018-1606,https://securityvulnerability.io/vulnerability/CVE-2018-1606,,"IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796.",IBM,"Rational Team Concert,Rational Software Architect Design Manager,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Rational Rhapsody Design Manager,Rational Quality Manager,Rational Engineering Lifecycle Manager",4.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-11-06T16:29:00.000Z,0
CVE-2017-1753,https://securityvulnerability.io/vulnerability/CVE-2017-1753,,"Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.",IBM,"Rational Doors Next Generation,Rational Rhapsody Design Manager,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Rational Software Architect Design Manager,Rational Quality Manager,Rational Team Concert",5.4,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2018-08-20T21:29:00.000Z,0
CVE-2018-1394,https://securityvulnerability.io/vulnerability/CVE-2018-1394,,Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.,IBM,"Rational Doors Next Generation,Rational Rhapsody Design Manager,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Rational Software Architect Design Manager,Rational Quality Manager,Rational Team Concert",5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-08-20T21:29:00.000Z,0
CVE-2018-1585,https://securityvulnerability.io/vulnerability/CVE-2018-1585,,IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143498.,IBM,"Rational Software Architect Design Manager,Rational Rhapsody Design Manager",5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-07-19T14:29:00.000Z,0
CVE-2018-1536,https://securityvulnerability.io/vulnerability/CVE-2018-1536,,IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142558.,IBM,"Rational Software Architect Design Manager,Rational Rhapsody Design Manager",5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-07-19T14:29:00.000Z,0
CVE-2018-1535,https://securityvulnerability.io/vulnerability/CVE-2018-1535,,IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124557.,IBM,"Rational Rhapsody Design Manager,Rational Software Architect Design Manager",5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-07-19T14:29:00.000Z,0
CVE-2018-1587,https://securityvulnerability.io/vulnerability/CVE-2018-1587,,IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500.,IBM,"Rational Software Architect Design Manager,Rational Rhapsody Design Manager",4.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-07-19T14:29:00.000Z,0
CVE-2018-1492,https://securityvulnerability.io/vulnerability/CVE-2018-1492,,IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.,IBM,"Rational Engineering Lifecycle Manager,Rational Software Architect Design Manager,Rational Team Concert,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Rational Rhapsody Design Manager,Rational Quality Manager",4.3,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2018-07-10T16:29:00.000Z,0
CVE-2018-1423,https://securityvulnerability.io/vulnerability/CVE-2018-1423,,IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.,IBM,"Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Rational Rhapsody Design Manager,Rational Quality Manager,Rational Engineering Lifecycle Manager,Rational Software Architect Design Manager,Rational Team Concert",4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2018-07-10T16:29:00.000Z,0
CVE-2017-1488,https://securityvulnerability.io/vulnerability/CVE-2017-1488,,An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.,IBM,"Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Quality Manager,Rational Collaborative Lifecycle Management,Rational Software Architect Design Manager,Rational Team Concert,Rational Rhapsody Design Manager",3.7,LOW,0.0006900000153109431,false,false,false,false,,false,false,2018-07-06T14:29:00.000Z,0
CVE-2017-1509,https://securityvulnerability.io/vulnerability/CVE-2017-1509,,IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.,IBM,"Rational Rhapsody Design Manager,Rational Software Architect Design Manager,Rational Team Concert,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Quality Manager",4.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-07-06T14:29:00.000Z,0
CVE-2017-1559,https://securityvulnerability.io/vulnerability/CVE-2017-1559,,Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.,IBM,"Rational Rhapsody Design Manager,Rational Software Architect Design Manager,Rational Team Concert,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Quality Manager",3.1,LOW,0.0004900000058114529,false,false,false,false,,false,false,2018-07-06T14:29:00.000Z,0
CVE-2017-1237,https://securityvulnerability.io/vulnerability/CVE-2017-1237,,IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.,IBM,"Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Rhapsody Design Manager,Rational Software Architect Design Manager,Rational Team Concert",5.4,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-06-28T00:00:00.000Z,0
CVE-2017-1725,https://securityvulnerability.io/vulnerability/CVE-2017-1725,,"IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820.",IBM,"Rational Quality Manager,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Software Architect Design Manager,Rational Team Concert,Rational Rhapsody Design Manager",4.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-04-24T14:29:00.000Z,0
CVE-2017-1700,https://securityvulnerability.io/vulnerability/CVE-2017-1700,,"IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.",IBM,"Rational Team Concert,Rational Engineering Lifecycle Manager,Rational Software Architect Design Manager,Rational Quality Manager,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Rational Rhapsody Design Manager",6.5,MEDIUM,0.000750000006519258,false,false,false,false,,false,false,2018-04-24T14:29:00.000Z,0
CVE-2017-1734,https://securityvulnerability.io/vulnerability/CVE-2017-1734,,"IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.",IBM,"Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Rhapsody Design Manager,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Rational Team Concert,Rational Software Architect Design Manager",4.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-04-18T00:00:00.000Z,0
CVE-2016-0284,https://securityvulnerability.io/vulnerability/CVE-2016-0284,,"The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",IBM,Rational Software Architect Design Manager,5.4,MEDIUM,0.00107999995816499,false,false,false,false,,false,false,2016-11-24T19:41:00.000Z,0
CVE-2015-0113,https://securityvulnerability.io/vulnerability/CVE-2015-0113,,"The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Engineering Lifecycle Manager 4.0.3 through 4.0.7 and 5.0 through 5.0.2, Rational Rhapsody Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, and Rational Software Architect Design Manager 4.0 through 4.0.7 and 5.0 through 5.0.2 allows remote attackers to read JSP source code via a crafted request.",IBM,Rational Software Architect Design Manager,,,0.0016400000313296914,false,false,false,false,,false,false,2015-04-27T01:00:00.000Z,0
CVE-2014-3092,https://securityvulnerability.io/vulnerability/CVE-2014-3092,,"IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.",IBM,"Rational Engineering Lifecycle Manager,Rational Requirements Composer,Rational Software Architect Design Manager,Rational Quality Manager,Rational Team Concert,Rational Rhapsody Design Manager,Rational Doors Next Generation",,,0.001769999973475933,false,false,false,false,,false,false,2014-09-12T01:00:00.000Z,0
CVE-2014-0947,https://securityvulnerability.io/vulnerability/CVE-2014-0947,,Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.,IBM,Rational Software Architect Design Manager,,,0.003289999905973673,false,false,false,false,,false,false,2014-07-30T10:00:00.000Z,0
CVE-2013-3042,https://securityvulnerability.io/vulnerability/CVE-2013-3042,,Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.,IBM,"Rational Software Architect Design Manager,Rhapsody Design Manager",,,0.0004400000034365803,false,false,false,false,,false,false,2013-12-14T22:00:00.000Z,0
CVE-2013-3043,https://securityvulnerability.io/vulnerability/CVE-2013-3043,,Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.,IBM,"Rational Software Architect Design Manager,Rhapsody Design Manager",,,0.0004400000034365803,false,false,false,false,,false,false,2013-12-14T22:00:00.000Z,0