Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM56642E74F99FF9BFE402D784926B61A294EB553C521A429B7FD576D3A8A1E2A6
HistorySep 10, 2020 - 3:49 p.m.

Security Bulletin: Vulnerability in IBM InfoSphere Data Architect Cross-Site Scripting affects Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect RealTime (CVE-2015-7439)

2020-09-1015:49:00
www.ibm.com
13

EPSS

0.001

Percentile

46.7%

JSON

Summary

An IDA cross-site scripting vulnerability to an XSS attack in a web server was addressed by Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect RealTime.

Vulnerability Details

CVEID: CVE-2015-7439 **
*DESCRIPTION: IBM InfoSphere Data Architect is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107990&gt; for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N )

Affected Products and Versions

Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect RealTime: Ver 8.5 through 9.5

Remediation/Fixes

Product

|

Remediation/First Fix
—|—
Rational Software Architect| RSA_Cross-Site_Scripting_Vulnerability_iFix
Rational Software Architect for WebSphere Software (RSA4WS)| RSA4WS_Cross-Site_Scripting_Vulnerability_iFix
Rational Software Architect RealTime (RSART)| RSART_Cross-Site_Scripting_Vulnerability_iFix

Installation Instructions

Instructions to download and install the update from the compressed files

1. Download the update files from Fix Central by following the link listed in the above table
2. Exit Rational Software Architect (your version of the product)
3. Extract the compressed files in an appropriate directory. For example, choose to extract to C:\temp\update
4. Place the “xxxx_patch” folder (where xxx is installed product version such as 855 etc), along with its “features” and “plugins” subfolder contents, inside the <install_dir>/dropins/ (for example C:\Program Files\IBM\SDP\dropins) folder of your product installation directory.
5. Launch your product with “-clean” option and ‘Run As Administrator’.

Related

prion 1
ibm 3
cvelist 1
nvd 1
cve 1
prion
prion
Cross site scripting
2016-01-27 05:59:00
ibm
ibm
Security Bulletin: A security vulnerability has been identified in InfoSphere Data Architect (IDA) that allows remote attackers to inject arbitrary web script or HTML via a crafted URL. (CVE-2015-7439)
2018-06-16 13:38:20
Security Bulletin: A security vulnerability has been identified in IBM Rational Application Developer shipped with IBM Business Modeler (CVE-2015-7439)
2018-06-15 07:05:39
Security Bulletin: Cross-Site Scripting Vulnerability with the UML Vizualization tools
2020-02-05 00:09:48
cvelist
cvelist
CVE-2015-7439
2016-01-27 02:00:00
nvd
nvd
CVE-2015-7439
2016-01-27 05:59:00
cve
cve
CVE-2015-7439
2016-01-27 05:59:00

EPSS

0.001

Percentile

46.7%

JSON
Related for 56642E74F99FF9BFE402D784926B61A294EB553C521A429B7FD576D3A8A1E2A6
prion1ibm3cvelist1nvd1cve1