CVE-2015-0130

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

3.5LOW

EPSS

0.2%

top 57.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Collaborative Lifecycle Management IBM Rational Doors Next Generation IBM Rational Quality Manager +2 more

Timeline

PublishedJul 20

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authe…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages5 packages

▶NVDibm/rational_team_concert12 versions+11

▶NVDibm/rational_doors_next_generation10 versions+9

▶NVDibm/rational_collaborative_lifecycle_management10 versions+9

▶NVDibm/rational_quality_manager11 versions+10

▶NVDibm/rational_requirements_composer10 versions+9

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-vq39-x4rp-9f46: Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4↗2022-05-17

▶

CVEList

CVE-2015-0130: Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4↗2015-07-20

▶