CVE-2012-2160

Name of the Vulnerable Software and Affected Versions IBM Rational Change version 5.3

Description The issue is caused by improper validation of user-supplied input, leading to cross-site scripting. A remote attacker could exploit this using the SUPP TEMPLATE FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser. This could allow the attacker to steal the victim's cookie-based authentication credentials. The vulnerability may also allow a remote attacker to disclose protected information about user credentials.

Recommendations For IBM Rational Change version 5.3, consider disabling the use of the SUPP TEMPLATE FLAG parameter in URLs until a patch is available. Restrict access to sensitive areas of the web application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.