CVE-2015-0122: XSS
First published: Fri Mar 13 2015(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0123.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Team Concert | =2.0.0.2 | |
| IBM Rational Team Concert | =3.0 | |
| IBM Rational Team Concert | =3.0.1 | |
| IBM Rational Team Concert | =3.0.1.1 | |
| IBM Rational Team Concert | =3.0.1.2 | |
| IBM Rational Team Concert | =3.0.1.3 | |
| IBM Rational Team Concert | =3.0.1.4 | |
| IBM Rational Team Concert | =3.0.1.5 | |
| IBM Rational Team Concert | =3.0.1.6 | |
| IBM Rational Team Concert | =4.0 | |
| IBM Rational Team Concert | =4.0.0.1 | |
| IBM Rational Team Concert | =4.0.0.2 | |
| IBM Rational Team Concert | =4.0.1 | |
| IBM Rational Team Concert | =4.0.2 | |
| IBM Rational Team Concert | =4.0.3 | |
| IBM Rational Team Concert | =4.0.4 | |
| IBM Rational Team Concert | =4.0.5 | |
| IBM Rational Team Concert | =4.0.6 | |
| IBM Rational Team Concert | =4.0.7 | |
| IBM Rational Team Concert | =5.0.0 | |
| IBM Rational Team Concert | =5.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0122?
CVE-2015-0122 has been classified as a moderate severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2015-0122?
To mitigate CVE-2015-0122, it's recommended to update IBM Rational Team Concert to version 3.0.1.6 iFix 5 or higher.
What versions of IBM Rational Team Concert are affected by CVE-2015-0122?
CVE-2015-0122 affects IBM Rational Team Concert versions 2.x, 3.x before 3.0.1.6, 4.x before 4.0.7, and 5.x before 5.0.2.
Who can exploit CVE-2015-0122?
CVE-2015-0122 can be exploited by remote authenticated users who can craft arbitrary URLs.
What type of vulnerability is CVE-2015-0122?
CVE-2015-0122 is a cross-site scripting (XSS) vulnerability, which allows the injection of arbitrary web scripts or HTML.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational team concert
- version/ibm rational team concert/2.0.0.2
- version/ibm rational team concert/3.0
- version/ibm rational team concert/3.0.1
- version/ibm rational team concert/3.0.1.1
- version/ibm rational team concert/3.0.1.2
- version/ibm rational team concert/3.0.1.3
- version/ibm rational team concert/3.0.1.4
- version/ibm rational team concert/3.0.1.5
- version/ibm rational team concert/3.0.1.6
- version/ibm rational team concert/4.0
- version/ibm rational team concert/4.0.0.1
- version/ibm rational team concert/4.0.0.2
- version/ibm rational team concert/4.0.1
- version/ibm rational team concert/4.0.2
- version/ibm rational team concert/4.0.3
- version/ibm rational team concert/4.0.4
- version/ibm rational team concert/4.0.5
- version/ibm rational team concert/4.0.6
- version/ibm rational team concert/4.0.7
- version/ibm rational team concert/5.0.0
- version/ibm rational team concert/5.0.1