CVE-2017-1329Code Injection in IBM Rational Quality Manager

CWE-94Code Injection3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 67.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Rational Collaborative Lifecycle ManagementIBM Rational Quality Manager
Timeline
PublishedJul 6
Latest updateMay 13

Description

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

NVDibm/rational_quality_manager5.05.0.2+1
CVEListV5ibm/rational_quality_manager7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-4729-pmf7-c23h: IBM Quality Manager (RQM) 52022-05-13
CVEList
CVE-2017-1329: IBM Quality Manager (RQM) 52018-07-06
CVE-2017-1329 — Code Injection in IBM | cvebase