IBM Security Bulletin: A security vulnerability for cross-site scripting affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-2986)
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), and Rational Rhapsody Design Manager (Rhapsody DM).
CVE(s): CVE-2016-2986
Affected product(s) and affected version(s):
Rational Collaborative Lifecycle Management 6.0.1 – 6.0.2
Rational Quality Manager 6.0.1 – 6.0.2
Rational Team Concert 6.0.1 – 6.0.2
Rational DOORS Next Generation 6.0.1 – 6.0.2
Rational Engineering Lifecycle Manager 6.0.1 – 6.0.2
Rational Rhapsody Design Manager 6.0.1 – 6.0.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2bVi5ZW
X-Force Database: http://ift.tt/2bWznLr
from IBM Product Security Incident Response Team http://ift.tt/2bViPOV