This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: IBM
Product: Rational Focal Point
Version: 6.5.2.3
Type: Application
First view: 2013-10-16
Last view: 2014-02-25
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:ibm:rational_focal_point

Activity : Overall

Related : CVE

CVSS Date Alert Description
3.5 2014-02-25 CVE-2014-0853

Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5 2014-02-25 CVE-2014-0843

Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.

5 2014-02-25 CVE-2014-0842

The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.

3.5 2014-02-25 CVE-2014-0840

Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4 2014-02-25 CVE-2014-0839

IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference.

3.3 2013-12-18 CVE-2013-5398

Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5397.

3.3 2013-12-18 CVE-2013-5397

Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5398.

4.3 2013-10-16 CVE-2013-3025

Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE : Common Weakness Enumeration

% id Name
66% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
16% (1) CWE-264 Permissions, Privileges, and Access Controls
16% (1) CWE-255 Credentials Management

Snort® IPS/IDS

Date Description
2016-03-14 IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt
RuleID : 36255 - Type : SERVER-WEBAPP - Revision : 2
2016-03-14 IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt
RuleID : 36254 - Type : SERVER-WEBAPP - Revision : 2
2014-03-06 IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt
RuleID : 29548 - Type : SERVER-WEBAPP - Revision : 4
2014-03-06 IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt
RuleID : 29547 - Type : SERVER-WEBAPP - Revision : 4

Nessus® Vulnerability Scanner

id Description
2014-03-06 Name: The remote host is affected by a file disclosure vulnerability.
File: ibm_rational_focalpoint_login_file_disclosure.nasl - Type: ACT_ATTACK
2014-03-06 Name: The remote host is affected by a file disclosure vulnerability.
File: ibm_rational_focalpoint_rac_file_disclosure.nasl - Type: ACT_ATTACK