Cross-Site Scripting Vulnerability in IBM Jazz Applications
CVE-2017-1237

5.4MEDIUM

Summary

IBM Jazz-based applications are exposed to a cross-site scripting flaw that enables malicious users to inject arbitrary JavaScript code into the web interface. This security flaw can lead to unintended manipulations of user sessions and, in some cases, may allow attackers to obtain sensitive credentials while users are logged in. Vigilance in updating and securing affected systems is essential to mitigate such risks.

Affected Version(s)

Rational Collaborative Lifecycle Management 6.0

Rational Collaborative Lifecycle Management 6.0.1

Rational Collaborative Lifecycle Management 6.0.2

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.