CVE-2014-0846: XSS
First published: Tue Mar 04 2014(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational DOORS | =4.0.0 | |
| IBM Rational DOORS | =4.0.1 | |
| IBM Rational DOORS | =4.0.2 | |
| IBM Rational DOORS | =4.0.3 | |
| IBM Rational DOORS | =4.0.4 | |
| IBM Rational DOORS | =4.0.5 | |
| IBM Rational Requirements Composer | =3.0.1 | |
| IBM Rational Requirements Composer | =3.0.1.1 | |
| IBM Rational Requirements Composer | =3.0.1.2 | |
| IBM Rational Requirements Composer | =3.0.1.3 | |
| IBM Rational Requirements Composer | =3.0.1.4 | |
| IBM Rational Requirements Composer | =3.0.1.5 | |
| IBM Rational Requirements Composer | =3.0.1.6 | |
| IBM Rational Requirements Composer | =4.0.0 | |
| IBM Rational Requirements Composer | =4.0.0.1 | |
| IBM Rational Requirements Composer | =4.0.0.2 | |
| IBM Rational Requirements Composer | =4.0.1 | |
| IBM Rational Requirements Composer | =4.0.2 | |
| IBM Rational Requirements Composer | =4.0.3 | |
| IBM Rational Requirements Composer | =4.0.4 | |
| IBM Rational Requirements Composer | =4.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-0846?
The severity of CVE-2014-0846 is considered high due to its potential for allowing remote authenticated users to execute malicious scripts.
How do I fix CVE-2014-0846?
To fix CVE-2014-0846, users should update IBM Rational Requirements Composer and Rational DOORS Next Generation to the latest fixed versions.
Who is affected by CVE-2014-0846?
CVE-2014-0846 affects users of IBM Rational Requirements Composer versions before 3.0.1.6 iFix2 and IBM Rational DOORS Next Generation before 4.0.6.
What type of vulnerability is CVE-2014-0846?
CVE-2014-0846 is a cross-site scripting (XSS) vulnerability that allows injection of arbitrary web script or HTML.
Can CVE-2014-0846 be exploited remotely?
Yes, CVE-2014-0846 can be exploited remotely by authenticated users through crafted URLs.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/author
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational doors
- version/ibm rational doors/4.0.0
- version/ibm rational doors/4.0.1
- version/ibm rational doors/4.0.2
- version/ibm rational doors/4.0.3
- version/ibm rational doors/4.0.4
- version/ibm rational doors/4.0.5
- canonical/ibm rational requirements composer
- version/ibm rational requirements composer/3.0.1
- version/ibm rational requirements composer/3.0.1.1
- version/ibm rational requirements composer/3.0.1.2
- version/ibm rational requirements composer/3.0.1.3
- version/ibm rational requirements composer/3.0.1.4
- version/ibm rational requirements composer/3.0.1.5
- version/ibm rational requirements composer/3.0.1.6
- version/ibm rational requirements composer/4.0.0
- version/ibm rational requirements composer/4.0.0.1
- version/ibm rational requirements composer/4.0.0.2
- version/ibm rational requirements composer/4.0.1
- version/ibm rational requirements composer/4.0.2
- version/ibm rational requirements composer/4.0.3
- version/ibm rational requirements composer/4.0.4
- version/ibm rational requirements composer/4.0.5