Skip to main content

Rational Collaborative Lifecycle Management CVE-2016-0331

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2016-09-12 psirt@us.ibm.com
5.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 12, 2016 - 10:59 cve.org
MEDIUM 5.4

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

AnalysisAI

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Affected products include: Ibm Rational Collaborative Lifecycle Management, Ibm Rational Team Concert. Version information: before 6.0.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2014-0862 CRITICAL
10.0 Mar 02

Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.

CVE-2017-1099 MEDIUM
4.3 Jun 13

IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error cond

CVE-2016-0326 HIGH
8.8 Oct 22

IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.

CVE-2016-9707 HIGH
8.1 Mar 31

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when pr

CVE-2021-29774 HIGH
7.5 Oct 27

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configuratio

CVE-2019-4252 HIGH
7.5 Jun 27

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directorie

CVE-2015-1928 MEDIUM
6.8 Jan 02

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF

CVE-2016-2981 MEDIUM
6.8 Mar 20

An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user crede

CVE-2018-1492 MEDIUM
6.8 Jul 10

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the

CVE-2016-2865 MEDIUM
6.5 Jul 15

The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and

CVE-2021-29786 MEDIUM
6.5 Oct 27

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. Rated me

CVE-2018-1423 MEDIUM
6.5 Jul 10

IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in fur

Share

CVE-2016-0331 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy