Some scripts in the help system used by IBM Rational Change are vulnerable to open redirect or cross-site scripting attacks.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE ID:CVE-2012-2159** **
**Description:**Some scripts used by the help system are vulnerable to redirects from trusted to untrusted web sites when users click a malicious link.
**CVSS Base Score:**4.3
**CVSS Temporal Score:*See <https://exchange.xforce.ibmcloud.com/vulnerabilities/74832> for the current score
CVSS Environmental Score: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**
CVE ID: CVE-2012-2161 **
**Description:**Some scripts used by the help system are vulnerable to cross-site scripting attacks. An attacker could potentially exploit this vulnerability to collect user credentials or cookie data when users click a malicious link.
** **CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/74833> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Any supported Rational Change Web Help platform
Upgrade to Rational Change Fix Pack 4 (5.3.0.4) for 5.3 or later.
Workaround: Use Rational Change remote help which connects to the Rational Change Information Center.
Mitigation: Do not trust URL links to the Rational Change Help system given by untrusted users. Examine the URL for extra parameters and text that are not related to the Rational Change Web Help system.
CPE | Name | Operator | Version |
---|---|---|---|
rational change | eq | 5.3.0.4 |