cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-29844,https://securityvulnerability.io/vulnerability/CVE-2021-29844,Server-Side Request Forgery Vulnerability in IBM Jazz Team Server,"IBM Jazz Team Server products are susceptible to a server-side request forgery (SSRF) vulnerability. An attacker with authentication privileges can exploit this flaw to orchestrate unauthorized requests from the server. This may lead to sensitive data exposure, enabling attackers to perform network enumeration and potentially facilitate further security breaches. Addressing this security issue is critical to maintaining the integrity and confidentiality of affected systems.",IBM,"Engineering Workflow Management,Rational Doors Next Generation,Rational Team Concert,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2021-10-27T16:15:00.000Z,0
CVE-2021-29673,https://securityvulnerability.io/vulnerability/CVE-2021-29673,Cross-Site Scripting Vulnerability in IBM Jazz Team Server,"IBM Jazz Team Server is susceptible to a cross-site scripting vulnerability that permits attackers to inject arbitrary JavaScript code into the web user interface. This security flaw can manipulate the expected behaviors of the application, potentially allowing the compromise of user credentials during a trusted session. For more details, refer to the official IBM documentation and the X-Force vulnerability database.",IBM,"Rational Team Concert,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Engineering Workflow Management,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-10-27T16:15:00.000Z,0
CVE-2021-29713,https://securityvulnerability.io/vulnerability/CVE-2021-29713,Cross-Site Scripting Vulnerability in IBM Jazz Team Server,"IBM Jazz Team Server is susceptible to a cross-site scripting vulnerability that permits malicious users to inject arbitrary JavaScript into the web interface. This flaw can modify the expected functionality of the application, potentially leading to the disclosure of sensitive credentials in the context of an authenticated user session, thus posing significant security risks.",IBM,"Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Team Concert,Engineering Workflow Management",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-10-27T16:15:00.000Z,0
CVE-2021-29774,https://securityvulnerability.io/vulnerability/CVE-2021-29774,Privilege Escalation in IBM Jazz Team Server Products,"IBM Jazz Team Server products are susceptible to a vulnerability that enables an authenticated user to acquire elevated privileges under specific configurations. This misconfiguration could lead to unauthorized access and actions within the affected system, potentially compromising sensitive data and operations. It is crucial for users to review their configurations and apply necessary security measures to mitigate this risk.",IBM,"Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Team Concert,Engineering Workflow Management",7.5,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2021-10-27T16:15:00.000Z,0
CVE-2021-29786,https://securityvulnerability.io/vulnerability/CVE-2021-29786,Clear Text Credential Storage in IBM Jazz Team Server,"IBM Jazz Team Server products have a security flaw where user credentials are stored in clear text, allowing an authenticated user to access sensitive information. This oversight poses a significant risk to user data integrity and confidentiality. Protection measures should be considered to prevent unauthorized access to such credentials, thereby securing the application environment.",IBM,"Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management,Rational Team Concert,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Engineering Workflow Management",6.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2021-10-27T16:15:00.000Z,0
CVE-2020-5004,https://securityvulnerability.io/vulnerability/CVE-2020-5004,,IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.,IBM,"Rational Team Concert,Rational Quality Manager,Engineering Test Management,Engineering Workflow Management,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-07-28T13:15:00.000Z,0
CVE-2020-4974,https://securityvulnerability.io/vulnerability/CVE-2020-4974,,"IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.",IBM,"Engineering Test Management,Rational Team Concert,Rational Quality Manager,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Engineering Workflow Management,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager",6.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2021-07-28T13:15:00.000Z,0
CVE-2020-5031,https://securityvulnerability.io/vulnerability/CVE-2020-5031,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.,IBM,"Engineering Workflow Management,Rational Team Concert,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-07-19T16:15:00.000Z,0
CVE-2021-20507,https://securityvulnerability.io/vulnerability/CVE-2021-20507,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.,IBM,"Engineering Workflow Management,Rational Team Concert,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-07-19T16:15:00.000Z,0
CVE-2021-20371,https://securityvulnerability.io/vulnerability/CVE-2021-20371,,IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.,IBM,"Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization,Rational Doors Next Generation,Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Test Management",4.3,MEDIUM,0.0014400000218302011,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2021-20343,https://securityvulnerability.io/vulnerability/CVE-2021-20343,,"IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593.",IBM,"Engineering Test Management,Rational Quality Manager,Rational Rhapsody Model Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2020-4732,https://securityvulnerability.io/vulnerability/CVE-2020-4732,,IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.,IBM,"Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization,Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Test Management",4.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2020-5030,https://securityvulnerability.io/vulnerability/CVE-2020-5030,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737.,IBM,"Rational Rhapsody Model Manager,Rational Quality Manager,Engineering Test Management,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2021-20338,https://securityvulnerability.io/vulnerability/CVE-2021-20338,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194449.,IBM,"Engineering Test Management,Rational Rhapsody Model Manager,Rational Quality Manager,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Rational Doors Next Generation",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2021-29668,https://securityvulnerability.io/vulnerability/CVE-2021-29668,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199406.,IBM,"Engineering Test Management,Rational Quality Manager,Rational Rhapsody Model Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2020-4977,https://securityvulnerability.io/vulnerability/CVE-2020-4977,,IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192470.,IBM,"Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Test Management,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2021-20346,https://securityvulnerability.io/vulnerability/CVE-2021-20346,,"IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.",IBM,"Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization,Rational Doors Next Generation,Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Test Management",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2020-4495,https://securityvulnerability.io/vulnerability/CVE-2020-4495,,"IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.",IBM,"Engineering Test Management,Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Rational Doors Next Generation",8.8,HIGH,0.002839999971911311,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2021-20347,https://securityvulnerability.io/vulnerability/CVE-2021-20347,,"IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596.",IBM,"Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization,Rational Quality Manager,Rational Rhapsody Model Manager,Engineering Test Management",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2021-20348,https://securityvulnerability.io/vulnerability/CVE-2021-20348,,"IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194597.",IBM,"Rational Rhapsody Model Manager,Rational Quality Manager,Engineering Test Management,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2021-20345,https://securityvulnerability.io/vulnerability/CVE-2021-20345,,"IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.",IBM,"Rational Rhapsody Model Manager,Rational Quality Manager,Engineering Test Management,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2021-29670,https://securityvulnerability.io/vulnerability/CVE-2021-29670,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199408.,IBM,"Engineering Test Management,Rational Rhapsody Model Manager,Rational Quality Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-02T21:15:00.000Z,0
CVE-2020-4920,https://securityvulnerability.io/vulnerability/CVE-2020-4920,,IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.,IBM,"Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Team Concert,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Engineering Test Management,Engineering Lifecycle Optimization,Engineering Workflow Management,Rational Rhapsody Model Manager",6.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-04-12T18:15:00.000Z,0
CVE-2020-4964,https://securityvulnerability.io/vulnerability/CVE-2020-4964,,IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.,IBM,"Rational Rhapsody Model Manager,Engineering Lifecycle Optimization,Engineering Workflow Management,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Engineering Test Management,Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Team Concert",4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-04-12T18:15:00.000Z,0
CVE-2020-4965,https://securityvulnerability.io/vulnerability/CVE-2020-4965,,IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.,IBM,"Rational Doors Next Generation,Engineering Test Management,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Team Concert,Rational Rhapsody Model Manager,Engineering Workflow Management,Engineering Lifecycle Optimization",5.9,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2021-04-12T18:15:00.000Z,0