CVE-2015-0125: XSS
First published: Wed Mar 18 2015(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Requirements Composer | =4.0.0 | |
| IBM Rational Requirements Composer | =4.0.0.1 | |
| IBM Rational Requirements Composer | =4.0.0.2 | |
| IBM Rational Requirements Composer | =4.0.1 | |
| IBM Rational Requirements Composer | =4.0.2 | |
| IBM Rational Requirements Composer | =4.0.3 | |
| IBM Rational Requirements Composer | =4.0.4 | |
| IBM Rational Requirements Composer | =4.0.5 | |
| IBM Rational Requirements Composer | =4.0.6 | |
| IBM Rational Requirements Composer | =4.0.7 | |
| IBM Rational DOORS Next Generation | =4.0.0 | |
| IBM Rational DOORS Next Generation | =4.0.1 | |
| IBM Rational DOORS Next Generation | =4.0.2 | |
| IBM Rational DOORS Next Generation | =4.0.3 | |
| IBM Rational DOORS Next Generation | =4.0.4 | |
| IBM Rational DOORS Next Generation | =4.0.5 | |
| IBM Rational DOORS Next Generation | =4.0.6 | |
| IBM Rational DOORS Next Generation | =4.0.7 | |
| IBM Rational DOORS Next Generation | =5.0 | |
| IBM Rational DOORS Next Generation | =5.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0125?
CVE-2015-0125 is classified as a moderate severity vulnerability due to its potential impact on user data and session integrity.
How do I fix CVE-2015-0125?
To fix CVE-2015-0125, update IBM Rational DOORS Next Generation or IBM Rational Requirements Composer to version 4.0.7 iFix3 or higher for 4.x and 5.0.2 or higher for 5.x.
Who is affected by CVE-2015-0125?
Users of IBM Rational DOORS Next Generation versions 4.x below 4.0.7 iFix3 and 5.x below 5.0.2, as well as IBM Rational Requirements Composer versions 4.x below 4.0.7 iFix3 are affected by CVE-2015-0125.
What types of attacks can exploit CVE-2015-0125?
CVE-2015-0125 can be exploited for Cross-site Scripting (XSS) attacks, allowing attackers to inject malicious scripts through crafted URLs.
What are the consequences of exploiting CVE-2015-0125?
Exploiting CVE-2015-0125 can lead to unauthorized actions being performed on behalf of the user, data theft, or compromising user sessions.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/remedy
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- agent/source
- vendor/ibm
- canonical/ibm rational requirements composer
- version/ibm rational requirements composer/4.0.0
- version/ibm rational requirements composer/4.0.0.1
- version/ibm rational requirements composer/4.0.0.2
- version/ibm rational requirements composer/4.0.1
- version/ibm rational requirements composer/4.0.2
- version/ibm rational requirements composer/4.0.3
- version/ibm rational requirements composer/4.0.4
- version/ibm rational requirements composer/4.0.5
- version/ibm rational requirements composer/4.0.6
- version/ibm rational requirements composer/4.0.7
- canonical/ibm rational doors next generation
- version/ibm rational doors next generation/4.0.0
- version/ibm rational doors next generation/4.0.1
- version/ibm rational doors next generation/4.0.2
- version/ibm rational doors next generation/4.0.3
- version/ibm rational doors next generation/4.0.4
- version/ibm rational doors next generation/4.0.5
- version/ibm rational doors next generation/4.0.6
- version/ibm rational doors next generation/4.0.7
- version/ibm rational doors next generation/5.0
- version/ibm rational doors next generation/5.0.1