Cross-Site Scripting Vulnerability in IBM Jazz Applications
CVE-2017-1237
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Status
- Vendor
- CVE Published:
- 28 June 2018
Summary
IBM Jazz-based applications are exposed to a cross-site scripting flaw that enables malicious users to inject arbitrary JavaScript code into the web interface. This security flaw can lead to unintended manipulations of user sessions and, in some cases, may allow attackers to obtain sensitive credentials while users are logged in. Vigilance in updating and securing affected systems is essential to mitigate such risks.
Affected Version(s)
Rational Collaborative Lifecycle Management 6.0
Rational Collaborative Lifecycle Management 6.0.1
Rational Collaborative Lifecycle Management 6.0.2
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved