CVE-2015-1928 Information
Description
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Reference
http://www.securitytracker.com/id/1034565
http://www.securitytracker.com/id/1034566
http://www.securitytracker.com/id/1034567
http://www.securitytracker.com/id/1034568
http://www-01.ibm.com/support/docview.wss?uid=swg21973200
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
6.8
Base Severity
MEDIUM