Vishal Garg

**Name of the Vulnerable Software and Affected Versions** CLM (affected versions not specified) **Description** An undisclosed issue in CLM applications may allow an attacker to access certain administrative deployment parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM Jazz Foundation (affected versions not specified) **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Jazz Foundation (affected versions not specified) **Description** The issue allows an authenticated user to take over a previously logged in user due to session expiration not being enforced. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Jazz Foundation (affected versions not specified) **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Rational Collaborative Lifecycle Management versions 6.0.0 through 6.0.1 before iFix6 IBM Rational Quality Manager versions 6.0.0 through 6.0.1 before iFix6 IBM Rational Team Concert versions 6.0.0 through 6.0.1 before iFix6 IBM Rational DOORS Next Generation versions 6.0.0 through 6.0.1 before iFix6 IBM Rational Engineering Lifecycle Manager versions 6.0.0 through 6.0.1 before iFix6 IBM Rational Rhapsody Design Manager versions 6.0.0 through 6.0.1 before iFix6 **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For IBM Rational Collaborative Lifecycle Management versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6. For IBM Rational Quality Manager versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6. For IBM Rational Team Concert versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6. For IBM Rational DOORS Next Generation versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6. For IBM Rational Engineering Lifecycle Manager versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6. For IBM Rational Rhapsody Design Manager versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6.