PT-2014-6123 · Ibm · Ibm Rational Quality Manager
Published
2014-12-19
·
Updated
2017-08-29
·
CVE-2014-4801
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Rational Quality Manager versions 2.x through 2.0.1.1
IBM Rational Quality Manager versions 3.x before 3.0.1.6 iFix 4
IBM Rational Quality Manager versions 4.x before 4.0.7 iFix 2
IBM Rational Quality Manager versions 5.x before 5.0.1
Description
The issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, which is a result of a cross-site scripting (XSS) vulnerability.
Recommendations
For versions 2.x through 2.0.1.1, update to a version after 2.0.1.1.
For versions 3.x before 3.0.1.6 iFix 4, update to 3.0.1.6 iFix 4 or later.
For versions 4.x before 4.0.7 iFix 2, update to 4.0.7 iFix 2 or later.
For versions 5.x before 5.0.1, update to 5.0.1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Rational Quality Manager