HTML Injection Vulnerability in IBM Rational Products
CVE-2017-1753
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Status
- Vendor
- CVE Published:
- 20 August 2018
Summary
Multiple IBM Rational products are at risk due to a vulnerability that allows for HTML injection. This issue enables a remote attacker to inject malicious HTML code, which can be executed in the victim's web browser when the compromised content is viewed. This could lead to unauthorized actions and data leakage in the context of the hosting site.
Affected Version(s)
Rational Collaborative Lifecycle Management 5.0
Rational Collaborative Lifecycle Management 5.0.1
Rational Collaborative Lifecycle Management 5.0.2
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved