CVE-2015-7471

EPSS 0.13%
Veröffentlicht 15.03.2018 22:29:00
Zuletzt bearbeitet 21.11.2024 02:36:51
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Rational Collaborative Lifecycle Management Version >= 3.0.1 <= 6.0.1

Ibm ≫ Rational Quality Manager Version >= 3.0 <= 3.0.1.6

Ibm ≫ Rational Quality Manager Version >= 4.0 <= 4.0.7

Ibm ≫ Rational Quality Manager Version5.0

Ibm ≫ Rational Quality Manager Version5.0.1

Ibm ≫ Rational Quality Manager Version5.0.2

Ibm ≫ Rational Quality Manager Version6.0

Ibm ≫ Rational Quality Manager Version6.0.1

Ibm ≫ Rational Team Concert Version >= 3.0 <= 3.0.6

Ibm ≫ Rational Team Concert Version >= 4.0 <= 4.0.7

Ibm ≫ Rational Team Concert Version5.0

Ibm ≫ Rational Team Concert Version5.0.1

Ibm ≫ Rational Team Concert Version5.0.2

Ibm ≫ Rational Team Concert Version6.0

Ibm ≫ Rational Team Concert Version6.0.1

Ibm ≫ Rational Requirements Composer Version >= 3.0 <= 3.0.1.6

Ibm ≫ Rational Requirements Composer Version >= 4.0 <= 4.0.7

Ibm ≫ Rational Doors Next Generation Version >= 4.0 <= 4.0.7

Ibm ≫ Rational Doors Next Generation Version5.0

Ibm ≫ Rational Doors Next Generation Version5.0.1

Ibm ≫ Rational Doors Next Generation Version5.0.2

Ibm ≫ Rational Doors Next Generation Version6.0.0

Ibm ≫ Rational Doors Next Generation Version6.0.1

Ibm ≫ Rational Engineering Lifecycle Manager Version >= 4.0.3 <= 4.0.7

Ibm ≫ Rational Engineering Lifecycle Manager Version5.0

Ibm ≫ Rational Engineering Lifecycle Manager Version5.0.1

Ibm ≫ Rational Engineering Lifecycle Manager Version5.0.2

Ibm ≫ Rational Engineering Lifecycle Manager Version6.0

Ibm ≫ Rational Engineering Lifecycle Manager Version6.0.1

Ibm ≫ Rational Rhapsody Design Manager Version >= 4.0 <= 4.0.7

Ibm ≫ Rational Rhapsody Design Manager Version5.0

Ibm ≫ Rational Rhapsody Design Manager Version5.0.1

Ibm ≫ Rational Rhapsody Design Manager Version5.0.2

Ibm ≫ Rational Rhapsody Design Manager Version6.0

Ibm ≫ Rational Rhapsody Design Manager Version6.0.1

Ibm ≫ Rational Software Architect Design Manager Version >= 4.0 <= 4.0.7

Ibm ≫ Rational Software Architect Design Manager Version5.0

Ibm ≫ Rational Software Architect Design Manager Version5.0.1

Ibm ≫ Rational Software Architect Design Manager Version5.0.2

Ibm ≫ Rational Software Architect Design Manager Version6.0

Ibm ≫ Rational Software Architect Design Manager Version6.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.295

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www-01.ibm.com/support/docview.wss?uid=swg21982747

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/108429

Vendor Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2015-7471

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7471

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7471

EUVD