Cross site scripting

2017-12-2716:29:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.1%

JSON

IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858.

CPENameOperatorVersion
rational_collaborative_lifecycle_managementge4.0.0
rational_collaborative_lifecycle_managementle6.0.4
rational_doors_next_generationge4.0.1
rational_doors_next_generationle4.0.7
rational_doors_next_generationge5.0.0
rational_doors_next_generationle5.0.2
rational_doors_next_generationge6.0.0
rational_doors_next_generationle6.0.4
rational_engineering_lifecycle_managerge4.0.3
rational_engineering_lifecycle_managerle4.0.7

Name	Operator	Version
rational_collaborative_lifecycle_management	ge	4.0.0
rational_collaborative_lifecycle_management	le	6.0.4
rational_doors_next_generation	ge	4.0.1
rational_doors_next_generation	le	4.0.7
rational_doors_next_generation	ge	5.0.0
rational_doors_next_generation	le	5.0.2
rational_doors_next_generation	ge	6.0.0
rational_doors_next_generation	le	6.0.4
rational_engineering_lifecycle_manager	ge	4.0.3
rational_engineering_lifecycle_manager	le	4.0.7