CVE-2016-6037 — Cross-site Scripting in Corporation Rational Collaborative Lifecycle Management

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 64.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Rational Collaborative Lifecycle Management IBM Rational Quality Manager IBM Rational Team Concert

Timeline

PublishedMay 10

Latest updateMay 17

Description

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

▶NVDibm/rational_team_concert15 versions+14

▶NVDibm/rational_quality_manager14 versions+13

▶CVEListV5ibm_corporation/rational_collaborative_lifecycle_management4.0.7, 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-mmwp-mp76-6x74: IBM Rational Team Concert (RTC) is vulnerable to HTML injection↗2022-05-17

▶

CVEList

CVE-2016-6037: IBM Rational Team Concert (RTC) is vulnerable to HTML injection↗2017-05-10

▶