CVE-2015-0123: XSS
First published: Fri Mar 13 2015(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0122.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Team Concert | =2.0.0.2 | |
| IBM Rational Team Concert | =3.0 | |
| IBM Rational Team Concert | =3.0.1 | |
| IBM Rational Team Concert | =3.0.1.1 | |
| IBM Rational Team Concert | =3.0.1.2 | |
| IBM Rational Team Concert | =3.0.1.3 | |
| IBM Rational Team Concert | =3.0.1.4 | |
| IBM Rational Team Concert | =3.0.1.5 | |
| IBM Rational Team Concert | =3.0.1.6 | |
| IBM Rational Team Concert | =4.0 | |
| IBM Rational Team Concert | =4.0.0.1 | |
| IBM Rational Team Concert | =4.0.0.2 | |
| IBM Rational Team Concert | =4.0.1 | |
| IBM Rational Team Concert | =4.0.2 | |
| IBM Rational Team Concert | =4.0.3 | |
| IBM Rational Team Concert | =4.0.4 | |
| IBM Rational Team Concert | =4.0.5 | |
| IBM Rational Team Concert | =4.0.6 | |
| IBM Rational Team Concert | =4.0.7 | |
| IBM Rational Team Concert | =5.0.0 | |
| IBM Rational Team Concert | =5.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0123?
CVE-2015-0123 has a medium severity rating, as it allows authenticated users to exploit the application through cross-site scripting.
How do I fix CVE-2015-0123?
To fix CVE-2015-0123, upgrade to IBM Rational Team Concert version 3.0.1.6 iFix 5, 4.0.7 iFix 3, or 5.0.2 or later.
Who is affected by CVE-2015-0123?
CVE-2015-0123 affects users of IBM Rational Team Concert versions 2.x, 3.x, 4.x, and 5.x prior to the specified updates.
What types of attacks can CVE-2015-0123 facilitate?
CVE-2015-0123 can enable attackers to perform cross-site scripting attacks, potentially leading to session hijacking or redirection.
How can I determine if my system is vulnerable to CVE-2015-0123?
To determine if your system is vulnerable to CVE-2015-0123, check the version of IBM Rational Team Concert installed against the patched versions.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/ibm
- canonical/ibm rational team concert
- version/ibm rational team concert/2.0.0.2
- version/ibm rational team concert/3.0
- version/ibm rational team concert/3.0.1
- version/ibm rational team concert/3.0.1.1
- version/ibm rational team concert/3.0.1.2
- version/ibm rational team concert/3.0.1.3
- version/ibm rational team concert/3.0.1.4
- version/ibm rational team concert/3.0.1.5
- version/ibm rational team concert/3.0.1.6
- version/ibm rational team concert/4.0
- version/ibm rational team concert/4.0.0.1
- version/ibm rational team concert/4.0.0.2
- version/ibm rational team concert/4.0.1
- version/ibm rational team concert/4.0.2
- version/ibm rational team concert/4.0.3
- version/ibm rational team concert/4.0.4
- version/ibm rational team concert/4.0.5
- version/ibm rational team concert/4.0.6
- version/ibm rational team concert/4.0.7
- version/ibm rational team concert/5.0.0
- version/ibm rational team concert/5.0.1