A Cross-site Scripting vulnerability affects the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational Requirements Composer (RRC), Rational DOORS Next Generation (RDNG), Rational Team Concert (RTC), and Rational Quality Manager (RQM).
CVEID: CVE-2015-0130
DESCRIPTION: IBM Jazz Foundation is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100543> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Rational Collaborative Lifecycle Management 4.0 - 5.0.2
Rational Quality Manager 4.0 - 4.0.7
Rational Quality Manager 5.0 - 5.0.2
Rational Team Concert 4.0 - 4.0.7
Rational Team Concert 5.0 - 5.0.2
Rational Requirements Composer 4.0 - 4.0.7
Rational DOORS Next Generation 4.0 - 4.0.7
Rational DOORS Next Generation 5.0 - 5.0.2
For the 5.x releases, upgrade to version 5.0.2 iFix5 or later
Rational DOORS Next Generation 5.0.2 iFix5
For the 4.x releases, upgrade to version 4.0.7 iFix6 or later
None