Cross-Site Scripting Vulnerability in IBM Jazz Applications
CVE-2017-1237

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Rational Collaborative Lifecycle Management; Rational Doors Next Generation; Rational Engineering Lifecycle Manager; Rational Quality Manager
Vendor: CVE Published:; 28 June 2018

What is CVE-2017-1237?

IBM Jazz-based applications are exposed to a cross-site scripting flaw that enables malicious users to inject arbitrary JavaScript code into the web interface. This security flaw can lead to unintended manipulations of user sessions and, in some cases, may allow attackers to obtain sensitive credentials while users are logged in. Vigilance in updating and securing affected systems is essential to mitigate such risks.

Affected Version(s)

Rational Collaborative Lifecycle Management 6.0

Rational Collaborative Lifecycle Management 6.0.1

Rational Collaborative Lifecycle Management 6.0.2

References

https://www-prd-trops.events.ibm.com/node/715709

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/124355

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2018
Vulnerability Reserved
Nov 30, 2016