CVE-2017-1245 — Cross-site Scripting in IBM Rational Rhapsody Design Manager
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 58.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 24
Latest updateMay 17
Description
IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124580.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7