PT-2014-3889 · Ibm · Ibm Rational Requirements Composer+1
Published
2014-03-04
·
Updated
2017-08-29
·
CVE-2014-0846
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Rational Requirements Composer versions 3.x through 3.0.1.6 iFix1 and versions 4.x through 4.0.5
IBM Rational Requirements Composer version 3.0.1.6 before iFix2
IBM Rational DOORS Next Generation versions 4.x through 4.0.5
Description
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Recommendations
For IBM Rational Requirements Composer versions 3.x through 3.0.1.6 iFix1, update to version 3.0.1.6 iFix2 or later.
For IBM Rational Requirements Composer versions 4.x through 4.0.5, update to version 4.0.6 or later.
For IBM Rational DOORS Next Generation versions 4.x through 4.0.5, update to version 4.0.6 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Rational Doors Next Generation
Ibm Rational Requirements Composer