CVE-2016-2864 Information

Feb 14, 2021 cve

Description

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 5.0 before 5.0.2 iFix18 and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/94542 http://www-01.ibm.com/support/docview.wss?uid=swg21991478

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4

Share on: