Vulnerability CVE-2017-1629


Published: 2018-03-23

Description:
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133127.

Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: IBM
Product: Rational doors next generation 
Version:
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.0.2
5.0.1
5.0.0
5.0
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.2
See more versions on NVD
Product: Rational team concert 
Version:
6.0.4
6.0.3
6.0.1
6.0.0
6.0
5.0.2
5.0.1
5.0.0
5.0
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
See more versions on NVD
Product: Rational rhapsody design manager 
Version:
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
6.0
5.0.2
5.0.1
5.0.0
5.0
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.2
See more versions on NVD
Product: Rational quality manager 
Version:
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
6.0
5.0.2
5.0.1
5.0.0
5.0
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
See more versions on NVD
Product: Rational engineering lifecycle manager 
Version:
6.0.3
6.0.2
6.0.1
6.0.0
6.0
5.0.2
5.0.1
5.0.0
5.0
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
See more versions on NVD
Product: Rational collaborative lifecycle management 
Version:
6.0.3
6.0.1
6.0.0
6.0
5.0.2
5.0.1
5.0.0
5.0
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.2
See more versions on NVD
Product: Rational software architect design manager 
Version:
6.0.1
6.0.0
5.0.2
5.0.1
5.0.0
5.0
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.2
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

 References:
http://www.ibm.com/support/docview.wss?uid=swg22014815
http://www.securityfocus.com/bid/103477
https://exchange.xforce.ibmcloud.com/vulnerabilities/133127

Related CVE
CVE-2018-1513
IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to c...
CVE-2018-1503
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.
CVE-2018-1587
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information ab...
CVE-2018-1585
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed a...
CVE-2018-1536
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed a...
CVE-2018-1535
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed a...
CVE-2018-1529
IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI ...
CVE-2018-1612
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164.

Copyright 2018, cxsecurity.com
