IBM Rational Change can be affected by two vulnerabilities (Cross-site scripting and Help systemโs source code disclosure by using a specially crafted URL) in the IBM Eclipse Help System (IEHS), which is used to display the IBM Rational Change help content.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE ID:CVE-2013-0464
**Description:**Cross-Site Scripting vulnerability may enable malicious scripts to be injected into a victimโs context.
CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81060> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**
CVE ID: **CVE-2013-0467
**Description:**The attack does not require specialized knowledge or techniques, but does require single instance authentication and network access. An exploit could impact the confidentiality of information, but the integrity of data and the availability of the system are not compromised.
CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81102> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
IBM Rational Change 5.3.0.5
Upgrade to Rational Change Fix Pack 6 (5.3.0.6) for 5.3
None