CVE-2016-3014Cross-site Scripting in IBM Rational Collaborative Lifecycle Management

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.7%
top 28.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
IBM Rational Collaborative Lifecycle ManagementIBM Rational Doors Next GenerationIBM Rational Engineering Lifecycle Manager+4 more
Timeline
PublishedNov 30
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design M

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages7 packages

NVDibm/rational_quality_manager11 versions+10

🔴Vulnerability Details

3
GHSA
GHSA-xwpx-6r8v-wr73: Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 42022-05-17
CVEList
CVE-2016-3014: Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 42016-11-30
Kernel
mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]2016-11-24
CVE-2016-3014 — Cross-site Scripting in IBM | cvebase