PT-2016-5311 · Ibm · Ibm Rational Doors Next Generation+5
Vishal Garg
·
Published
2016-11-25
·
Updated
2016-11-28
·
CVE-2016-2986
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Rational Collaborative Lifecycle Management versions 6.0.0 through 6.0.1 before iFix6
IBM Rational Quality Manager versions 6.0.0 through 6.0.1 before iFix6
IBM Rational Team Concert versions 6.0.0 through 6.0.1 before iFix6
IBM Rational DOORS Next Generation versions 6.0.0 through 6.0.1 before iFix6
IBM Rational Engineering Lifecycle Manager versions 6.0.0 through 6.0.1 before iFix6
IBM Rational Rhapsody Design Manager versions 6.0.0 through 6.0.1 before iFix6
Description
A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Recommendations
For IBM Rational Collaborative Lifecycle Management versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6.
For IBM Rational Quality Manager versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6.
For IBM Rational Team Concert versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6.
For IBM Rational DOORS Next Generation versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6.
For IBM Rational Engineering Lifecycle Manager versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6.
For IBM Rational Rhapsody Design Manager versions 6.0.0 through 6.0.1 before iFix6, update to version 6.0.1 iFix6.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Rational Collaborative Lifecycle Management
Ibm Rational Doors Next Generation
Ibm Rational Engineering Lifecycle Manager
Ibm Rational Quality Manager
Rational Rhapsody Design Manager
Ibm Rational Team Concert