PT-2015-4491 · IBM · IBM Rational Team Concert +4
Published 2015-07-20 · Updated 2015-07-20
CVE-2015-0130
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
IBM Rational Collaborative Lifecycle Management (CLM) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4
Rational Quality Manager (RQM) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4
Rational Team Concert (RTC) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4
Rational Requirements Composer (RRC) versions 4.x through 4.0.7
Rational DOORS Next Generation (RDNG) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4
Description
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Recommendations
For IBM Rational Collaborative Lifecycle Management (CLM) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4, update to version 4.0.7 IF6 or 5.0.2 IF5.
For Rational Quality Manager (RQM) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4, update to version 4.0.7 IF6 or 5.0.2 IF5.
For Rational Team Concert (RTC) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4, update to version 4.0.7 IF6 or 5.0.2 IF5.
For Rational Requirements Composer (RRC) versions 4.x through 4.0.7, update to version 4.0.7 IF6.
For Rational DOORS Next Generation (RDNG) versions 4.x through 4.0.7 IF5 and 5.x through 5.0.2 IF4, update to version 4.0.7 IF6 or 5.0.2 IF5.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
IBM Rational Collaborative Lifecycle Management
IBM Rational DOORS Next Generation
IBM Rational Quality Manager
IBM Rational Requirements Composer
IBM Rational Team Concert