Ibm Rational Rhapsody Design Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Rational Rhapsody Design Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (90)
CVE-2021-29844 — CVSS 8.8 (high): IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send…
CVE-2016-9698 — CVSS 8.1 (high): IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when…
CVE-2016-9707 — CVSS 8.1 (high): IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data…
CVE-2016-8974 — CVSS 8.1 (high): IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when…
CVE-2015-7440 — CVSS 7.8 (high): IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before…
CVE-2019-4252 — CVSS 7.5 (high): IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An…
CVE-2018-1456 — CVSS 7.1 (high): IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML…
CVE-2015-1928 — CVSS 6.8 (medium): Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2…
CVE-2016-0219 — CVSS 6.5 (medium): XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0…
CVE-2017-1700 — CVSS 6.5 (medium): IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next…
CVE-2015-7453 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1…
CVE-2014-3037 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle…
CVE-2018-1694 — CVSS 5.9 (medium): IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next…
CVE-2018-1758 — CVSS 5.4 (medium): IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users…
CVE-2016-0273 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11…
CVE-2016-0284 — CVSS 5.4 (medium): The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18…
CVE-2016-2864 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11…
CVE-2016-2926 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2…
CVE-2016-2986 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality…
CVE-2016-3014 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2…
CVE-2016-9694 — CVSS 5.4 (medium): IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2016-9696 — CVSS 5.4 (medium): IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed…
CVE-2016-9973 — CVSS 5.4 (medium): IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI…
CVE-2017-1237 — CVSS 5.4 (medium): IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2017-1365 — CVSS 5.4 (medium): IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting…
CVE-2017-1462 — CVSS 5.4 (medium): IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2017-1629 — CVSS 5.4 (medium): IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability…
CVE-2017-1653 — CVSS 5.4 (medium): IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability…
CVE-2017-1655 — CVSS 5.4 (medium): IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability…
CVE-2017-1753 — CVSS 5.4 (medium): Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed…
CVE-2017-1762 — CVSS 5.4 (medium): IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability…
CVE-2018-1394 — CVSS 5.4 (medium): Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2018-1535 — CVSS 5.4 (medium): IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through…
CVE-2018-1536 — CVSS 5.4 (medium): IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through…
CVE-2018-1558 — CVSS 5.4 (medium): IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This…
CVE-2018-1585 — CVSS 5.4 (medium): IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through…
CVE-2018-1688 — CVSS 5.4 (medium): IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This…
CVE-2018-1760 — CVSS 5.4 (medium): IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users…
CVE-2018-1762 — CVSS 5.4 (medium): IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This…
CVE-2018-1826 — CVSS 5.4 (medium): IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users…
CVE-2018-1827 — CVSS 5.4 (medium): IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users…
CVE-2018-1828 — CVSS 5.4 (medium): IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users…
CVE-2018-1892 — CVSS 5.4 (medium): IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users…
CVE-2018-1893 — CVSS 5.4 (medium): IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users…
CVE-2018-1916 — CVSS 5.4 (medium): IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This…
CVE-2018-1952 — CVSS 5.4 (medium): IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This…
CVE-2019-4083 — CVSS 5.4 (medium): IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting…
CVE-2019-4249 — CVSS 5.4 (medium): IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users…
CVE-2019-4250 — CVSS 5.4 (medium): IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting…
CVE-2020-4525 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2020-4691 — CVSS 5.4 (medium): IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2020-4697 — CVSS 5.4 (medium): IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2020-4733 — CVSS 5.4 (medium): IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2014-3092 — CVSS 5.0 (medium): IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x…
CVE-2015-0113 — CVSS 5.0 (medium): The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and…
CVE-2015-7471 — CVSS 4.8 (medium): Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1…
CVE-2016-2987 — CVSS 4.3 (medium): An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.
CVE-2016-6024 — CVSS 4.3 (medium): IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force…
CVE-2016-8973 — CVSS 4.3 (medium): IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious…
CVE-2018-1492 — CVSS 4.3 (medium): IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to…
CVE-2018-1734 — CVSS 4.3 (medium): IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 discloses sensitive information in error messages that may be used by a…
CVE-2020-4544 — CVSS 4.3 (medium): IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is…
CVE-2018-1423 — CVSS 4.3 (medium): IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks…
CVE-2017-1509 — CVSS 4.3 (medium): IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid…
CVE-2017-1524 — CVSS 4.3 (medium): IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive…
CVE-2017-1570 — CVSS 4.3 (medium): IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.
CVE-2017-1602 — CVSS 4.3 (medium): IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they…
CVE-2018-1606 — CVSS 4.3 (medium): IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS…
CVE-2017-1725 — CVSS 4.3 (medium): IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next…
CVE-2017-1734 — CVSS 4.3 (medium): IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next…
CVE-2015-1971 — CVSS 4.3 (medium): Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x…
CVE-2016-9700 — CVSS 4.3 (medium): IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID…
CVE-2016-9735 — CVSS 4.3 (medium): IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,
CVE-2020-4410 — CVSS 4.3 (medium): IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read…
CVE-2017-1099 — CVSS 4.3 (medium): IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force…
CVE-2017-1191 — CVSS 4.3 (medium): An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with…
CVE-2020-4487 — CVSS 4.3 (medium): IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is…
CVE-2017-1240 — CVSS 4.3 (medium): IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.
CVE-2017-1251 — CVSS 4.3 (medium): An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM…
CVE-2019-4084 — CVSS 4.3 (medium): IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to…
CVE-2018-1587 — CVSS 4.3 (medium): IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through…
CVE-2017-1507 — CVSS 4.3 (medium): IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM…
CVE-2016-0372 — CVSS 3.7 (low): IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before…
CVE-2017-1488 — CVSS 3.7 (low): An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.
CVE-2015-4962 — CVSS 3.5 (low): Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2…
CVE-2015-4946 — CVSS 3.3 (low): Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before…
CVE-2015-7449 — CVSS 3.3 (low): IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and…
CVE-2017-1559 — CVSS 3.1 (low): Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID…
CVE-2016-9697 — CVSS 3.1 (low): An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON…
CVE-2016-2947 — CVSS 2.7 (low): IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational…