PT-2015-4491 · Ibm · Ibm Rational Team Concert+4
Publicado
2015-07-20
·
Atualizado
2015-07-20
·
CVE-2015-0130
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Rational Collaborative Lifecycle Management (CLM) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4
Rational Quality Manager (RQM) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4
Rational Team Concert (RTC) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4
Rational Requirements Composer (RRC) versions 4.x through 4.0.7
Rational DOORS Next Generation (RDNG) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4
Description
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Recommendations
For IBM Rational Collaborative Lifecycle Management (CLM) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4, update to version 4.0.7 IF6 or 5.0.2 IF5.
For Rational Quality Manager (RQM) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4, update to version 4.0.7 IF6 or 5.0.2 IF5.
For Rational Team Concert (RTC) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4, update to version 4.0.7 IF6 or 5.0.2 IF5.
For Rational Requirements Composer (RRC) versions 4.x through 4.0.7, update to version 4.0.7 IF6.
For Rational DOORS Next Generation (RDNG) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4, update to version 4.0.7 IF6 or 5.0.2 IF5.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Rational Collaborative Lifecycle Management
Ibm Rational Doors Next Generation
Ibm Rational Quality Manager
Ibm Rational Requirements Composer
Ibm Rational Team Concert