CVE-2017-1365 — Cross-site Scripting in IBM Rational Collaborative Lifecycle Management

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 58.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Collaborative Lifecycle Management IBM Rational Doors Next Generation IBM Rational Engineering Lifecycle Manager +4 more

Timeline

PublishedDec 27

Latest updateMay 14

Description

IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages8 packages

▶NVDibm/rational_collaborative_lifecycle_management4.0.0 — 6.0.4

▶CVEListV5ibm/rational_collaborative_lifecycle_management17 versions+16

▶NVDibm/rational_team_concert4.0.0 — 4.0.7+2

▶NVDibm/rational_engineering_lifecycle_manager4.0.3 — 4.0.7+2

▶NVDibm/rational_quality_manager4.0.0 — 4.0.7+2

🔴Vulnerability Details

GHSA

GHSA-7c2p-p7h2-cpf5: IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4↗2022-05-14

▶

CVEList

CVE-2017-1365: IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4↗2017-12-27

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly↗2017-11-27

▶

💬Community

Bugzilla

CVE-2017-7502 nss: Null pointer dereference when handling empty SSLv2 messages↗2017-04-28

▶