Rational Rhapsody Design Manager

6.0

MAJOR_MINOR 24 CVEs

4.0.7

SEMANTIC 1 CVE

6.0.6.1

OTHER 15 CVEs

6.0.5

SEMANTIC 18 CVEs

4.0.2

SEMANTIC 1 CVE

5.0.1

SEMANTIC 17 CVEs

6.0.6

SEMANTIC 17 CVEs

5.02

MAJOR_MINOR 2 CVEs

4.0.6

SEMANTIC 1 CVE

5.0.2

SEMANTIC 17 CVEs

4.0.3

SEMANTIC 1 CVE

6.0.2

SEMANTIC 42 CVEs

5.0

MAJOR_MINOR 19 CVEs

7.0.1

SEMANTIC 5 CVEs

4.0.4

SEMANTIC 1 CVE

4.0.5

SEMANTIC 1 CVE

6.0.1

SEMANTIC 24 CVEs

6.0.4

SEMANTIC 19 CVEs

7.0

MAJOR_MINOR 12 CVEs

5.01

MAJOR_MINOR 2 CVEs

4.0.1

SEMANTIC 1 CVE

5.0.x

OTHER 4 CVEs

6.0.3

SEMANTIC 24 CVEs

4.0

MAJOR_MINOR 1 CVE

CVE-2017-1753

Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.

MEDIUM Aug 20, 2018

CVE-2017-1559

Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.

LOW Jul 06, 2018

CVE-2017-1237

IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.

MEDIUM Jul 06, 2018

CVE-2017-1488

An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.

LOW Jul 06, 2018

CVE-2017-1509

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.

MEDIUM Jul 06, 2018

CVE-2017-1700

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.

UNKNOWN Apr 24, 2018

CVE-2017-1734

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.

UNKNOWN Apr 24, 2018

CVE-2017-1249

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

UNKNOWN Jul 24, 2017

CVE-2016-8975

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912.

UNKNOWN Jul 24, 2017

CVE-2016-9698

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960.

UNKNOWN Jun 08, 2017