This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ibm First view 2014-02-25
Product Rational Focal Point Last view 2014-02-25
Version 6.4.0.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ibm:rational_focal_point

Activity : Overall

Related : CVE

  Date Alert Description
3.5 2014-02-25 CVE-2014-0853

Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3.5 2014-02-25 CVE-2014-0843

Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.
5 2014-02-25 CVE-2014-0842

The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.
3.5 2014-02-25 CVE-2014-0840

Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
4 2014-02-25 CVE-2014-0839

IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference.

CWE : Common Weakness Enumeration

%idName
60% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
20% (1) CWE-264 Permissions, Privileges, and Access Controls
20% (1) CWE-255 Credentials Management