IBM Security Bulletin: A security vulnerability for cross-site scripting affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-2986)

This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. It affects the following IBM Jazz Team Server based applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), and Rational Rhapsody Design Manager (Rhapsody DM).

CVE(s): CVE-2016-2986

Affected product(s) and affected version(s):

Rational Collaborative Lifecycle Management 6.0.1 – 6.0.2
Rational Quality Manager 6.0.1 – 6.0.2
Rational Team Concert 6.0.1 – 6.0.2
Rational DOORS Next Generation 6.0.1 – 6.0.2
Rational Engineering Lifecycle Manager 6.0.1 – 6.0.2
Rational Rhapsody Design Manager 6.0.1 – 6.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2bVi5ZW
X-Force Database: http://ift.tt/2bWznLr



from IBM Product Security Incident Response Team http://ift.tt/2bViPOV