PT-2014-3888 · Ibm · Ibm Rational Requirements Composer+1
Published
2014-03-04
·
Updated
2017-08-29
·
CVE-2014-0845
CVSS v2.0
4.9
Medium
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Rational Requirements Composer versions 3.x through 3.0.1.6 iFix1 and versions 4.x through 4.0.5
IBM Rational Requirements Composer version 3.0.1.6 before iFix2
IBM Rational DOORS Next Generation versions 4.x through 4.0.5
Description
The issue allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
Recommendations
For IBM Rational Requirements Composer versions 3.x through 3.0.1.6 iFix1, update to version 3.0.1.6 iFix2 or later.
For IBM Rational Requirements Composer versions 4.x through 4.0.5, update to version 4.0.6 or later.
For IBM Rational DOORS Next Generation versions 4.x through 4.0.5, update to version 4.0.6 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Rational Doors Next Generation
Ibm Rational Requirements Composer