PT-2018-5401 · Ibm · Ibm Quality Manager
Published
2018-07-06
·
Updated
2019-10-09
·
CVE-2017-1242
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
IBM Quality Manager (RQM) versions 5.0.x and 6.0 through 6.0.5
Description:
The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Recommendations:
For versions 5.0.x, update to a version that is not affected by this issue.
For versions 6.0 through 6.0.5, update to a version that is not affected by this issue.
As a temporary workaround, consider restricting access to the affected web interface to minimize the risk of exploitation.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Quality Manager