CVE-2017-1688Cross-site Scripting in IBM Rational Doors Next Generation

CWE-79Cross-site Scripting5 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 49.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Rational Doors Next Generation
Timeline
PublishedNov 27
Latest updateMay 17

Description

IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134063.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5ibm/rational_doors_next_generation5 versions+4

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-mwqw-cjg7-5g6x: IBM DOORS Next Generation (DNG/RRC) 62022-05-17
CVEList
CVE-2017-1688: IBM DOORS Next Generation (DNG/RRC) 62017-11-27

💬Community

1
Bugzilla
CVE-2017-7244 pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)2017-03-30
CVE-2017-1688 — Cross-site Scripting in IBM | cvebase