IBM Security Bulletin: Cross-site scripting vulnerability in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology

Potential cross-site scripting vulnerability in the IBM Jazz Team Server affects the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), Rhapsody Model Manager, and Rational Software Architect (RSA DM).

CVE(s): CVE-2017-1653

Affected product(s) and affected version(s):

Rational Collaborative Lifecycle Management 6.0 – 6.0.4
Rational Quality Manager 6.0 – 6.0.4
Rational Team Concert 6.0 – 6.0.4
Rational DOORS Next Generation 6.0 – 6.0.4
Rational Engineering Lifecycle Manager 6.0 – 6.0.4
Rational Rhapsody Design Manager 6.0 – 6.0.4
Rational Software Architect Design Manager 6.0 – 6.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012712
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133268

The post IBM Security Bulletin: Cross-site scripting vulnerability in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BpjvJ6