CVE-2017-1248Code Injection in IBM Rational Quality Manager

CWE-94Code Injection3 documents3 sources
Severity
6.1MEDIUMNVD
CNA5.4
EPSS
0.2%
top 60.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Rational Collaborative Lifecycle ManagementIBM Rational Quality Manager
Timeline
PublishedJul 6
Latest updateMay 13

Description

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDibm/rational_quality_manager5.05.0.2+1
CVEListV5ibm/rational_quality_manager7 versions+6

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-pwxw-wm47-24w6: IBM Quality Manager (RQM) 52022-05-13
CVEList
CVE-2017-1248: IBM Quality Manager (RQM) 52018-07-06
CVE-2017-1248 — Code Injection in IBM | cvebase