History: Jun 17, 2018 - 4:59 a.m.

Security Bulletin: Cross-Site Scripting vulnerability in IBM Rational Quality Manager (CVE-2014-4801)

2018-06-17 04:59:03
www.ibm.com

EPSS: 0.001 (Percentile: 27.4%)

Summary

IBM Quality Manager has a cross-site scripting vulnerability.

Vulnerability Details

CVEID: CVE-2014-4801

Description: IBM Rational Quality Manager is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVSS Base Score: 3.5
CVSS Temporal Score: See xforce.iss.net/xforce/xfdb/95303 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products and Versions

Rational Quality Manager 2.0 - 2.0.1
Rational Quality Manager 3.0 - 3.0.1.6 iFix3
Rational Quality Manager 4.0 - 4.0.7 iFix1
Rational Quality Manager 5.0

Remediation/Fixes

A fix is available by upgrading to 5.01 or 5.0.2 or later.

For the 4.x releases, upgrade to version 4.0.7 iFix 3 or later.

For the 3.x releases, upgrade to version 3.0.1.6 iFix 4 or later.

For the 2.x releases, contact IBM support for additional details on the fix.

Workarounds and Mitigations

None
