Lucene search

K
ibmIBMA27047ED73E7AE4D822B59EB4E55C43E9EF28F36E8CF4AFFCD62BFF92FCC5593
HistoryApr 28, 2021 - 6:35 p.m.

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Rational® Quality Manager

2021-04-2818:35:50
www.ibm.com
6

EPSS

0.001

Percentile

40.9%

Summary

IBM® Rational® Quality Manager is vulnerable to multiple security vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-1238 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124356&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-1242 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124524&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-1239 DESCRIPTION: IBM Quality Manager (RQM) could reveal sensitive information in HTTP 500 Internal Server Error responses.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124357&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-1329 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126231&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-1248 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124628&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Rational Collaborative Lifecycle Management 5.0 - 6.0.3

Rational Quality Manager 6.0 - 6.0.3
Rational Quality Manager 5.0 - 5.0.2

Remediation/Fixes

For the 6.0.x releases:

For the 5.x releases, upgrade to version 5.0.2 iFix26 or later

For any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

If the iFix is not found in the Fix Portal please contact IBM Support.

Workarounds and Mitigations

None

EPSS

0.001

Percentile

40.9%

Related for A27047ED73E7AE4D822B59EB4E55C43E9EF28F36E8CF4AFFCD62BFF92FCC5593