IBM076359083BA5AF709F5062A96F13367E0904EDD4D567C0622C6A4D14E6FEAC5CSecurity Bulletin: Rational Change can be affected by vulnerabilities in the IBM Eclipse Help System (CVE-2013-0464 and CVE-2013-0467)
EPSS
Percentile
65.1%
Summary
IBM Rational Change can be affected by two vulnerabilities (Cross-site scripting and Help systemโs source code disclosure by using a specially crafted URL) in the IBM Eclipse Help System (IEHS), which is used to display the IBM Rational Change help content.
Vulnerability Details
| Subscribe to My Notifications to be notified of important product support alerts like this.
- Follow this link for more information (requires login with your IBM ID)
โ|โ
CVE ID:CVE-2013-0464
**Description:**Cross-Site Scripting vulnerability may enable malicious scripts to be injected into a victimโs context.
CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81060> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**
CVE ID: **CVE-2013-0467
**Description:**The attack does not require specialized knowledge or techniques, but does require single instance authentication and network access. An exploit could impact the confidentiality of information, but the integrity of data and the availability of the system are not compromised.
CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81102> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Affected Products and Versions
IBM Rational Change 5.3.0.5
Remediation/Fixes
Upgrade to Rational Change Fix Pack 6 (5.3.0.6) for 5.3
Workarounds and Mitigations
None
Related
EPSS
Percentile
65.1%