Rational Engineering Lifecycle Manager

6.0

MAJOR_MINOR 32 CVEs

4.0.7

SEMANTIC 9 CVEs

6.0.6.1

OTHER 32 CVEs

6.0.5

SEMANTIC 23 CVEs

5.0.1

SEMANTIC 19 CVEs

6.0.6

SEMANTIC 44 CVEs

5.02

MAJOR_MINOR 8 CVEs

4.0.6

SEMANTIC 9 CVEs

5.0.2

SEMANTIC 19 CVEs

4.0.3

SEMANTIC 9 CVEs

6.0.2

SEMANTIC 51 CVEs

5.0

MAJOR_MINOR 27 CVEs

7.0.2

SEMANTIC 20 CVEs

7.0.1

SEMANTIC 29 CVEs

4.0.4

SEMANTIC 9 CVEs

4.0.5

SEMANTIC 9 CVEs

6.0.1

SEMANTIC 32 CVEs

6.0.4

SEMANTIC 32 CVEs

7.0

MAJOR_MINOR 34 CVEs

5.01

MAJOR_MINOR 8 CVEs

5.0.x

OTHER 4 CVEs

6.0.3

SEMANTIC 32 CVEs

CVE-2020-4977

IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192470.

MEDIUM Jun 02, 2021

CVE-2020-4732

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.

MEDIUM Jun 02, 2021

CVE-2020-4495

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.

HIGH Jun 02, 2021

CVE-2020-4964

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.

MEDIUM Apr 12, 2021

CVE-2020-4920

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.

MEDIUM Apr 12, 2021

CVE-2020-4865

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.

MEDIUM Jan 27, 2021

CVE-2020-4524

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.

MEDIUM Jan 27, 2021

CVE-2020-4733

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127.

MEDIUM Jan 08, 2021

CVE-2020-4697

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790.

MEDIUM Jan 08, 2021

CVE-2020-4487

IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.

MEDIUM Jan 08, 2021