CVE-2016-2926

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
ibmrational_team_concert
3.0.1.6
ibmrational_team_concert
4.0.0
ibmrational_team_concert
4.0.1
ibmrational_team_concert
4.0.2
ibmrational_team_concert
4.0.3
ibmrational_team_concert
4.0.4
ibmrational_team_concert
4.0.5
ibmrational_team_concert
4.0.6
ibmrational_team_concert
4.0.7
ibmrational_team_concert
5.0.0
ibmrational_team_concert
5.0.1
ibmrational_team_concert
5.0.2
ibmrational_team_concert
6.0.0
ibmrational_team_concert
6.0.1
ibmrational_team_concert
6.0.2
ibmrational_rhapsody_design_manager
4.0
ibmrational_rhapsody_design_manager
4.0.1
ibmrational_rhapsody_design_manager
4.0.2
ibmrational_rhapsody_design_manager
4.0.3
ibmrational_rhapsody_design_manager
4.0.4
ibmrational_rhapsody_design_manager
4.0.5
ibmrational_rhapsody_design_manager
4.0.6
ibmrational_rhapsody_design_manager
4.0.7
ibmrational_rhapsody_design_manager
5.0.0
ibmrational_rhapsody_design_manager
5.0.1
ibmrational_rhapsody_design_manager
5.0.2
ibmrational_rhapsody_design_manager
6.0.0
ibmrational_rhapsody_design_manager
6.0.1
ibmrational_rhapsody_design_manager
6.0.2
ibmrational_engineering_lifecycle_manager
4.0.0
ibmrational_engineering_lifecycle_manager
4.0.1
ibmrational_engineering_lifecycle_manager
4.0.2
ibmrational_engineering_lifecycle_manager
4.0.3
ibmrational_engineering_lifecycle_manager
4.0.4
ibmrational_engineering_lifecycle_manager
4.0.5
ibmrational_engineering_lifecycle_manager
4.0.6
ibmrational_engineering_lifecycle_manager
4.0.7
ibmrational_engineering_lifecycle_manager
5.0.0
ibmrational_engineering_lifecycle_manager
5.0.1
ibmrational_engineering_lifecycle_manager
5.0.2
ibmrational_engineering_lifecycle_manager
6.0.0
ibmrational_engineering_lifecycle_manager
6.0.1
ibmrational_engineering_lifecycle_manager
6.0.2
ibmrational_quality_manager
3.0.1.6
ibmrational_quality_manager
4.0.0
ibmrational_quality_manager
4.0.1
ibmrational_quality_manager
4.0.2
ibmrational_quality_manager
4.0.3
ibmrational_quality_manager
4.0.4
ibmrational_quality_manager
4.0.5
ibmrational_quality_manager
4.0.6
ibmrational_quality_manager
4.0.7
ibmrational_quality_manager
5.0.0
ibmrational_quality_manager
5.0.1
ibmrational_quality_manager
5.0.2
ibmrational_quality_manager
6.0.0
ibmrational_quality_manager
6.0.1
ibmrational_quality_manager
6.0.2
ibmrational_collaborative_lifecycle_management
3.0.1.6
ibmrational_collaborative_lifecycle_management
4.0.0
ibmrational_collaborative_lifecycle_management
4.0.1
ibmrational_collaborative_lifecycle_management
4.0.2
ibmrational_collaborative_lifecycle_management
4.0.3
ibmrational_collaborative_lifecycle_management
4.0.4
ibmrational_collaborative_lifecycle_management
4.0.5
ibmrational_collaborative_lifecycle_management
4.0.6
ibmrational_collaborative_lifecycle_management
4.0.7
ibmrational_collaborative_lifecycle_management
5.0.0
ibmrational_collaborative_lifecycle_management
5.0.1
ibmrational_collaborative_lifecycle_management
5.0.2
ibmrational_collaborative_lifecycle_management
6.0.0
ibmrational_collaborative_lifecycle_management
6.0.1
ibmrational_collaborative_lifecycle_management
6.0.2
ibmrational_software_architect_design_manager
4.0.0
ibmrational_software_architect_design_manager
4.0.1
ibmrational_software_architect_design_manager
4.0.2
ibmrational_software_architect_design_manager
4.0.3
ibmrational_software_architect_design_manager
4.0.4
ibmrational_software_architect_design_manager
4.0.5
ibmrational_software_architect_design_manager
4.0.6
ibmrational_software_architect_design_manager
4.0.7
ibmrational_software_architect_design_manager
5.0.0
ibmrational_software_architect_design_manager
5.0.1
ibmrational_software_architect_design_manager
5.0.2
ibmrational_software_architect_design_manager
6.0.0
ibmrational_software_architect_design_manager
6.0.1
ibmrational_software_architect_design_manager
6.0.2
ibmrational_doors_next_generation
4.0.0
ibmrational_doors_next_generation
4.0.1
ibmrational_doors_next_generation
4.0.2
ibmrational_doors_next_generation
4.0.3
ibmrational_doors_next_generation
4.0.4
ibmrational_doors_next_generation
4.0.5
ibmrational_doors_next_generation
4.0.6
ibmrational_doors_next_generation
4.0.7
ibmrational_doors_next_generation
5.0.0
ibmrational_doors_next_generation
5.0.1
ibmrational_doors_next_generation
5.0.2
ibmrational_doors_next_generation
6.0.0
ibmrational_doors_next_generation
6.0.1
ibmrational_doors_next_generation
6.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21993444
http://www.securityfocus.com/bid/94146
http://www.securitytracker.com/id/1037276
http://www.securitytracker.com/id/1037277
http://www.securitytracker.com/id/1037278
http://www.securitytracker.com/id/1037279
http://www-01.ibm.com/support/docview.wss?uid=swg21993444
http://www.securityfocus.com/bid/94146
http://www.securitytracker.com/id/1037276
http://www.securitytracker.com/id/1037277
http://www.securitytracker.com/id/1037278
http://www.securitytracker.com/id/1037279