CVE-2016-3014

EPSS 0.68%
Veröffentlicht 30.11.2016 11:59:23
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Rational Engineering Lifecycle Manager Version4.0.0

Ibm ≫ Rational Engineering Lifecycle Manager Version4.0.1

Ibm ≫ Rational Engineering Lifecycle Manager Version4.0.2

Ibm ≫ Rational Engineering Lifecycle Manager Version4.0.3

Ibm ≫ Rational Engineering Lifecycle Manager Version4.0.4

Ibm ≫ Rational Engineering Lifecycle Manager Version4.0.5

Ibm ≫ Rational Engineering Lifecycle Manager Version4.0.6

Ibm ≫ Rational Engineering Lifecycle Manager Version4.0.7

Ibm ≫ Rational Engineering Lifecycle Manager Version5.0.0

Ibm ≫ Rational Engineering Lifecycle Manager Version5.0.1

Ibm ≫ Rational Engineering Lifecycle Manager Version5.0.2

Ibm ≫ Rational Rhapsody Design Manager Version4.0

Ibm ≫ Rational Rhapsody Design Manager Version4.0.1

Ibm ≫ Rational Rhapsody Design Manager Version4.0.2

Ibm ≫ Rational Rhapsody Design Manager Version4.0.3

Ibm ≫ Rational Rhapsody Design Manager Version4.0.4

Ibm ≫ Rational Rhapsody Design Manager Version4.0.5

Ibm ≫ Rational Rhapsody Design Manager Version4.0.6

Ibm ≫ Rational Rhapsody Design Manager Version4.0.7

Ibm ≫ Rational Rhapsody Design Manager Version5.0.0

Ibm ≫ Rational Rhapsody Design Manager Version5.0.1

Ibm ≫ Rational Rhapsody Design Manager Version5.0.2

Ibm ≫ Rational Quality Manager Version4.0.0

Ibm ≫ Rational Quality Manager Version4.0.1

Ibm ≫ Rational Quality Manager Version4.0.2

Ibm ≫ Rational Quality Manager Version4.0.3

Ibm ≫ Rational Quality Manager Version4.0.4

Ibm ≫ Rational Quality Manager Version4.0.5

Ibm ≫ Rational Quality Manager Version4.0.6

Ibm ≫ Rational Quality Manager Version4.0.7

Ibm ≫ Rational Quality Manager Version5.0.0

Ibm ≫ Rational Quality Manager Version5.0.1

Ibm ≫ Rational Quality Manager Version5.0.2

Ibm ≫ Rational Software Architect Design Manager Version4.0.0

Ibm ≫ Rational Software Architect Design Manager Version4.0.1

Ibm ≫ Rational Software Architect Design Manager Version4.0.2

Ibm ≫ Rational Software Architect Design Manager Version4.0.3

Ibm ≫ Rational Software Architect Design Manager Version4.0.4

Ibm ≫ Rational Software Architect Design Manager Version4.0.5

Ibm ≫ Rational Software Architect Design Manager Version4.0.6

Ibm ≫ Rational Software Architect Design Manager Version4.0.7

Ibm ≫ Rational Software Architect Design Manager Version5.0.0

Ibm ≫ Rational Software Architect Design Manager Version5.0.1

Ibm ≫ Rational Software Architect Design Manager Version5.0.2

Ibm ≫ Rational Doors Next Generation Version4.0.0

Ibm ≫ Rational Doors Next Generation Version4.0.1

Ibm ≫ Rational Doors Next Generation Version4.0.2

Ibm ≫ Rational Doors Next Generation Version4.0.3

Ibm ≫ Rational Doors Next Generation Version4.0.4

Ibm ≫ Rational Doors Next Generation Version4.0.5

Ibm ≫ Rational Doors Next Generation Version4.0.6

Ibm ≫ Rational Doors Next Generation Version4.0.7

Ibm ≫ Rational Doors Next Generation Version5.0.0

Ibm ≫ Rational Doors Next Generation Version5.0.1

Ibm ≫ Rational Doors Next Generation Version5.0.2

Ibm ≫ Rational Team Concert Version4.0.0

Ibm ≫ Rational Team Concert Version4.0.1

Ibm ≫ Rational Team Concert Version4.0.2

Ibm ≫ Rational Team Concert Version4.0.3

Ibm ≫ Rational Team Concert Version4.0.4

Ibm ≫ Rational Team Concert Version4.0.5

Ibm ≫ Rational Team Concert Version4.0.6

Ibm ≫ Rational Team Concert Version4.0.7

Ibm ≫ Rational Team Concert Version5.0.0

Ibm ≫ Rational Team Concert Version5.0.1

Ibm ≫ Rational Team Concert Version5.0.2

Ibm ≫ Rational Collaborative Lifecycle Management Version4.0.0

Ibm ≫ Rational Collaborative Lifecycle Management Version4.0.1

Ibm ≫ Rational Collaborative Lifecycle Management Version4.0.2

Ibm ≫ Rational Collaborative Lifecycle Management Version4.0.3

Ibm ≫ Rational Collaborative Lifecycle Management Version4.0.4

Ibm ≫ Rational Collaborative Lifecycle Management Version4.0.5

Ibm ≫ Rational Collaborative Lifecycle Management Version4.0.6

Ibm ≫ Rational Collaborative Lifecycle Management Version4.0.7

Ibm ≫ Rational Collaborative Lifecycle Management Version5.0.0

Ibm ≫ Rational Collaborative Lifecycle Management Version5.0.1

Ibm ≫ Rational Collaborative Lifecycle Management Version5.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.68%	0.693

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www-01.ibm.com/support/docview.wss?uid=swg21992151

Vendor Advisory

http://www.securityfocus.com/bid/93515

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037025

http://www.securitytracker.com/id/1037026

http://www.securitytracker.com/id/1037027

http://www.securitytracker.com/id/1037028

https://nvd.nist.gov/vuln/detail/CVE-2016-3014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-3014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-3014

EUVD