PT-2018-4422 · Ibm · Ibm Rational Team Concert+7

Published

2018-03-15

·

Updated

2018-04-10

·

CVE-2015-7471

CVSS v2.0

3.5

Low

VectorAV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions IBM Rational Collaborative Lifecycle Management (CLM) versions 3.0.1 through 3.0.1.6 iFix7 Interim Fix 1, versions 4.0.x through 4.0.7 iFix10, versions 5.0.x through 5.0.2 iFix15, and versions 6.0.x through 6.0.1 iFix4 IBM Rational Quality Manager (RQM) versions 3.0.x through 3.0.1.6 iFix7 Interim Fix 1, versions 4.0.x through 4.0.7 iFix10, versions 5.0.x through 5.0.2 iFix15, and versions 6.0.x through 6.0.1 iFix4 IBM Rational Team Concert (RTC) versions 3.0.x through 3.0.1.6 iFix7 Interim Fix 1, versions 4.0.x through 4.0.7 iFix10, versions 5.0.x through 5.0.2 iFix15, and versions 6.0.x through 6.0.1 iFix4 IBM Rational Requirements Composer (RRC) versions 3.0.x through 3.0.1.6 iFix7 Interim Fix 1 and versions 4.0.x through 4.0.7 iFix10 IBM Rational DOORS Next Generation (RDNG) versions 4.0.x through 4.0.7 iFix10, versions 5.0.x through 5.0.2 iFix15, and versions 6.0.x through 6.0.1 iFix4 IBM Rational Engineering Lifecycle Manager (RELM) version 4.0.3, version 4.0.4, version 4.0.5, version 4.0.6, and versions 4.0.7 through 4.0.7 iFix10, versions 5.0.x through 5.0.2 iFix1, and versions 6.0.x through 6.0.2 IBM Rational Rhapsody Design Manager (Rhapsody DM) versions 4.0.x through 4.0.7 iFix10, versions 5.0.x through 5.0.2 iFix15, and versions 6.0.x through 6.0.1 iFix4 IBM Rational Software Architect Design Manager (RSA DM) versions 4.0.x through 4.0.7 iFix10, versions 5.0.x through 5.0.2 iFix15, and versions 6.0.x through 6.0.1 iFix4
Description A cross-site scripting (XSS) issue allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project.
Recommendations For IBM Rational Collaborative Lifecycle Management (CLM) versions 3.0.1 through 3.0.1.6 iFix7 Interim Fix 1, apply iFix7 Interim Fix 1. For IBM Rational Collaborative Lifecycle Management (CLM) versions 4.0.x through 4.0.7 iFix10, apply iFix10. For IBM Rational Collaborative Lifecycle Management (CLM) versions 5.0.x through 5.0.2 iFix15, apply iFix15. For IBM Rational Collaborative Lifecycle Management (CLM) versions 6.0.x through 6.0.1 iFix4, apply iFix4. For IBM Rational Quality Manager (RQM) versions 3.0.x through 3.0.1.6 iFix7 Interim Fix 1, apply iFix7 Interim Fix 1. For IBM Rational Quality Manager (RQM) versions 4.0.x through 4.0.7 iFix10, apply iFix10. For IBM Rational Quality Manager (RQM) versions 5.0.x through 5.0.2 iFix15, apply iFix15. For IBM Rational Quality Manager (RQM) versions 6.0.x through 6.0.1 iFix4, apply iFix4. For IBM Rational Team Concert (RTC) versions 3.0.x through 3.0.1.6 iFix7 Interim Fix 1, apply iFix7 Interim Fix 1. For IBM Rational Team Concert (RTC) versions 4.0.x through 4.0.7 iFix10, apply iFix10. For IBM Rational Team Concert (RTC) versions 5.0.x through 5.0.2 iFix15, apply iFix15. For IBM Rational Team Concert (RTC) versions 6.0.x through 6.0.1 iFix4, apply iFix4. For IBM Rational Requirements Composer (RRC) versions 3.0.x through 3.0.1.6 iFix7 Interim Fix 1, apply iFix7 Interim Fix 1. For IBM Rational Requirements Composer (RRC) versions 4.0.x through 4.0.7 iFix10, apply iFix10. For IBM Rational DOORS Next Generation (RDNG) versions 4.0.x through 4.0.7 iFix10, apply iFix10. For IBM Rational DOORS Next Generation (RDNG) versions 5.0.x through 5.0.2 iFix15, apply iFix15. For IBM Rational DOORS Next Generation (RDNG) versions 6.0.x through 6.0.1 iFix4, apply iFix4. For IBM Rational Engineering Lifecycle Manager (RELM) version 4.0.3, version 4.0.4, version 4.0.5, version 4.0.6, and versions 4.0.7 through 4.0.7 iFix10, apply iFix10. For IBM Rational Engineering Lifecycle Manager (RELM) versions 5.0.x through 5.0.2 iFix1, apply iFix1. For IBM Rational Engineering Lifecycle Manager (RELM) versions 6.0.x through 6.0.2, apply the fix for version 6.0.2. For IBM Rational Rhapsody Design Manager (Rhapsody DM) versions 4.0.x through 4.0.7 iFix10, apply iFix10. For IBM Rational Rhapsody Design Manager (Rhapsody DM) versions 5.0.x through 5.0.2 iFix15, apply iFix15. For IBM Rational Rhapsody Design Manager (Rhapsody DM) versions 6.0.x through 6.0.1 iFix4, apply iFix4. For IBM Rational Software Architect Design Manager (RSA DM) versions 4.0.x through 4.0.7 iFix10, apply iFix10. For IBM Rational Software Architect Design Manager (RSA DM) versions 5.0.x through 5.0.2 iFix15, apply iFix15. For IBM Rational Software Architect Design Manager (RSA DM) versions 6.0.x through 6.0.1 iFix4, apply iFix4.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-7471

Affected Products

Ibm Rational Collaborative Lifecycle Management
Ibm Rational Doors Next Generation
Ibm Rational Engineering Lifecycle Manager
Ibm Rational Quality Manager
Ibm Rational Requirements Composer
Rational Rhapsody Design Manager
Ibm Rational Software Architect Design Manager
Ibm Rational Team Concert