Rational

Security Bulletin: ClearQuest Cross-Site Scripting (XSS) Vulnerability (CVE-2012-2205)

Aug 11, 2012 1:43 am EDT

IBM Rational ClearQuest Web client contains a Cross-Site Scripting vulnerability. CVE(s): CVE-2012-2205 Affected product(s): ClearQuest Affected version(s): 7.1.2.7 or 8.0.0.3 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21605838 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/77094 ...


Security Bulletin: Open Redirect and Cross-Site Scripting Vulnerabilities in the Rational Directory Server Help System (CVE-2012-2159, CVE-2012-2161)

Jul 2, 2012 8:20 pm EDT

Some scripts in the help system used by IBM Rational Directory Administrator (RDA) are vulnerable to open redirect or cross-site scripting attacks. CVE(s): CVE-2012-2159, CVE-2012-2161 Affected product(s): IBM Rational Directory Server Affected version(s): 5.0, 5.1, 5.1.0.1, 5.1.0.2, 5.1.1, 5.1.1.1, 5.2, 5.2.0.1, 5.2.0.2 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21599616 X-Force ...


Security Bulletin: SQL Injection Vulnerability in the IBM Rational ClearQuest Maintenance tool (CVE-2011-1390)

May 10, 2012 6:03 pm EDT

The Rational ClearQuest Maintenance tool on Microsoft Windows platforms contains a feature to upgrade the user database. This feature is subject to a SQL Injection attack. CVE(s): CVE-2011-1390 Affected product(s): Rational ClearQuest Affected version(s): 7.1.1, 7.1.1.1, 7.1.1.2, 7.1.1.3, 7.1.1.4, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.2, 7.1.2.1, 7.1.2.2, 7.1.2.3, 7.1.2.4, 7.1.2.5, 8.0, 8.0.0.1 Refer to the following reference ...


Security Bulletin: IBM Rational ClearQuest CQOle ActiveX Control Remote Execution Vulnerability (CVE-2012-0708)

Apr 19, 2012 6:37 pm EDT

A defect has been discovered where an IBM Rational ClearQuest Ole API function can be called with incorrect parameters, causing a crash or possible execution of attack code. CVE(s): CVE-2012-0708 Affected product(s): IBM Rational ClearQuest Affected version(s): 7.1.1, 7.1.1.1, 7.1.1.2, 7.1.1.3, 7.1.1.4, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.2, 7.1.2.1, 7.1.2.2, 7.1.2.3, 7.1.2.4, 7.1.2.5, 8.0, 8.0.0.1 Refer to ...


Security Bulletin: IBM Personal Communications WorkStation file Buffer Overflow Vulnerability (CVE-2012-0201)

Feb 28, 2012 10:04 pm EST

A buffer overflow vulnerability in the handling of WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications. CVE(s): CVE-2012-0201 Affected product(s): IBM Personal Communications Affected version(s): 5.9, 6.0 Refer to the following reference ...


Security Update: Updated JRE package addresses an Information Disclosure Vulnerability in IBM Rational License Key Server and IBM Rational License Key Administrator (CVE-2011-3547)

Feb 15, 2012 5:30 pm EST

IBM Rational License Key Server and IBM Rational License Key Administrator have upgraded the JRE that they package in order to mitigate a security vulnerability in Java Runtime Environment. CVE(s): CVE-2011-3547 Affected product(s): Rational License Key Server, Rational Common Licensing Affected version(s): 8.1.1, 8.1.2 For remediation and vulnerability details, refer to: http://www-01.ibm.com/support/docview.wss?uid=swg21579415 ...


Security Bulletin: Vulnerability in IBM Rational License Key Server affecting both the license server, lmgrd, and the vendor daemon, ibmratl (CVE-2011-1389)

Jan 11, 2012 1:37 pm EST

A possible security vulnerability has been reported in the FlexNet Publisher lmgrd license server manager as well as vendor daemons. There have been no reported exploits of this possible vulnerability and to date it has not been reported by FlexNetSoftware users. CVE(s): CVE-2011-1389 Affected product(s): IBM Rational License Key Server, Rational License Server, Telelogic License Server ...


Security Bulletin: Rational Rhapsody for Windows Blueberry FlashBack ActiveX Control Vulnerabilities (CVE-2011-1388, CVE-2011-1391, CVE-2011-1392)

Dec 23, 2011 12:16 pm EST

There are multiple high risk security vulnerabilities with the Blueberry FlashBack ActiveX control used by IBM Rational Rhapsody versions 7.6 and earlier for Windows operating systems. CVE(s): CVE-2011-1388, CVE-2011-1391, CVE-2011-1392 Affected product(s): IBM Rational Rhapsody Affected version(s): 7.5.x, 7.6 For remediation and vulnerability details, refer to: http://www.ibm.com/support/docview.wss?uid=swg21576352 ...


Security Bulletin: Vulnerability in Rational AppScan Standard, Express, Enterprise and Reporting Console with potential for command execution (CVE-2011-1366, CVE-2011-1367)

Nov 11, 2011 8:45 pm EST

A high risk security vulnerability in the “Import functionality” of IBM Rational AppScan Enterprise and IBM Rational AppScan Reporting Console and the “File Load functionality” of IBM Rational AppScan Standard and IBM Rational AppScan Express may result in remote command execution. CVE(s): CVE-2011-1366, CVE-2011-1367 Affected product(s): Rational AppScan Enterprise and Rational AppScan Reporting Console Affected ...