IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.