Cross-Site Scripting Vulnerability in IBM Jazz Applications
CVE-2017-1237

5.4MEDIUM

Key Information:

Vendor

IBM
Status
Rational Collaborative Lifecycle Management
Rational Doors Next Generation
Rational Engineering Lifecycle Manager
Rational Quality Manager
Vendor
CVE Published:
28 June 2018

What is CVE-2017-1237?

IBM Jazz-based applications are exposed to a cross-site scripting flaw that enables malicious users to inject arbitrary JavaScript code into the web interface. This security flaw can lead to unintended manipulations of user sessions and, in some cases, may allow attackers to obtain sensitive credentials while users are logged in. Vigilance in updating and securing affected systems is essential to mitigate such risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Rational Collaborative Lifecycle Management 6.0

Rational Collaborative Lifecycle Management 6.0.1

Rational Collaborative Lifecycle Management 6.0.2

References

https://www-prd-trops.events.ibm.com/node/715709
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/124355
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.