PT-2016-3779 · IBM · Rational Software Architect
Published 2016-01-27 · Updated 2016-01-28 · CVE-2015-7439
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
IBM Rational Software Architect versions 8.5 through 9.5
IBM Rational Software Architect for WebSphere Software (RSA4WS) versions 8.5 through 9.5
IBM Rational Software Architect RealTime (RSART) versions 8.5 through 9.5
Description
The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This can potentially lead to unauthorized actions on the affected system.
Recommendations
For IBM Rational Software Architect versions 8.5 through 9.5, update to a version that includes the fix for this issue.
For IBM Rational Software Architect for WebSphere Software (RSA4WS) versions 8.5 through 9.5, update to a version that includes the fix for this issue.
For IBM Rational Software Architect RealTime (RSART) versions 8.5 through 9.5, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to crafted URLs to minimize the risk of exploitation.
Fix
XSS
Affected Products
Rational Software Architect
IBM Rational Software Architect RealTime
IBM Rational Software Architect for WebSphere