CVE-2017-1365
27.12.2017, 16:29
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858.
| Vendor | Product | Version |
|---|---|---|
| ibm | rational_collaborative_lifecycle_management | 4.0.0 ≤ 𝑥 ≤ 6.0.4 |
| ibm | rational_quality_manager | 4.0.0 ≤ 𝑥 ≤ 4.0.7 |
| ibm | rational_quality_manager | 5.0.0 ≤ 𝑥 ≤ 5.0.2 |
| ibm | rational_quality_manager | 6.0.0 ≤ 𝑥 ≤ 6.0.4 |
| ibm | rational_team_concert | 4.0.0 ≤ 𝑥 ≤ 4.0.7 |
| ibm | rational_team_concert | 5.0.0 ≤ 𝑥 ≤ 5.0.2 |
| ibm | rational_team_concert | 6.0.0 ≤ 𝑥 ≤ 6.0.4 |
| ibm | rational_doors_next_generation | 4.0.1 ≤ 𝑥 ≤ 4.0.7 |
| ibm | rational_doors_next_generation | 5.0.0 ≤ 𝑥 ≤ 5.0.2 |
| ibm | rational_doors_next_generation | 6.0.0 ≤ 𝑥 ≤ 6.0.4 |
| ibm | rational_engineering_lifecycle_manager | 4.0.3 ≤ 𝑥 ≤ 4.0.7 |
| ibm | rational_engineering_lifecycle_manager | 5.0.0 ≤ 𝑥 ≤ 5.0.2 |
| ibm | rational_engineering_lifecycle_manager | 6.0.0 ≤ 𝑥 ≤ 6.0.4 |
| ibm | rational_rhapsody_design_manager | 4.0.0 ≤ 𝑥 ≤ 4.0.7 |
| ibm | rational_rhapsody_design_manager | 5.0.0 ≤ 𝑥 ≤ 5.0.2 |
| ibm | rational_rhapsody_design_manager | 6.0.0 ≤ 𝑥 ≤ 6.0.4 |
| ibm | rational_software_architect_design_manager | 4.0.0 ≤ 𝑥 ≤ 4.0.7 |
| ibm | rational_software_architect_design_manager | 5.0.0 |
| ibm | rational_software_architect_design_manager | 5.0.1 |
| ibm | rational_software_architect_design_manager | 5.0.2 |
| ibm | rational_software_architect_design_manager | 6.0.0 |
| ibm | rational_software_architect_design_manager | 6.0.1 |
𝑥
= Vulnerable software versions