CVE-2015-0128: XSS
First published: Wed Mar 18 2015(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0124.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Quality Manager | =2.0 | |
| IBM Rational Quality Manager | =2.0.0.1 | |
| IBM Rational Quality Manager | =2.0.0.2 | |
| IBM Rational Quality Manager | =2.0.1 | |
| IBM Rational Quality Manager | =2.0.1.1 | |
| IBM Rational Quality Manager | =3.0 | |
| IBM Rational Quality Manager | =3.0.1 | |
| IBM Rational Quality Manager | =3.0.1.1 | |
| IBM Rational Quality Manager | =3.0.1.2 | |
| IBM Rational Quality Manager | =3.0.1.3 | |
| IBM Rational Quality Manager | =3.0.1.4 | |
| IBM Rational Quality Manager | =3.0.1.5 | |
| IBM Rational Quality Manager | =3.0.1.6 | |
| IBM Rational Quality Manager | =4.0 | |
| IBM Rational Quality Manager | =4.0.0.1 | |
| IBM Rational Quality Manager | =4.0.0.2 | |
| IBM Rational Quality Manager | =4.0.1 | |
| IBM Rational Quality Manager | =4.0.2 | |
| IBM Rational Quality Manager | =4.0.3 | |
| IBM Rational Quality Manager | =4.0.4 | |
| IBM Rational Quality Manager | =4.0.5 | |
| IBM Rational Quality Manager | =4.0.6 | |
| IBM Rational Quality Manager | =4.0.7 | |
| IBM Rational Quality Manager | =5.0.0 | |
| IBM Rational Quality Manager | =5.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0128?
CVE-2015-0128 is rated as a medium severity vulnerability due to its potential for exploitation via cross-site scripting (XSS).
How do I fix CVE-2015-0128?
To fix CVE-2015-0128, update IBM Rational Quality Manager to at least version 3.0.1.6, 4.0.7, or 5.0.2 which contains the appropriate patches.
Who can be affected by CVE-2015-0128?
CVE-2015-0128 affects remote authenticated users of IBM Rational Quality Manager versions 2.x to 5.x prior to the specified patched versions.
What impact does CVE-2015-0128 have on users?
The exploitation of CVE-2015-0128 allows attackers to inject arbitrary web scripts or HTML, potentially compromising user data and sessions.
What products are vulnerable to CVE-2015-0128?
Vulnerable products include IBM Rational Quality Manager versions 2.x, 3.x, 4.x, and 5.x before their respective fixes.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/remedy
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational quality manager
- version/ibm rational quality manager/2.0
- version/ibm rational quality manager/2.0.0.1
- version/ibm rational quality manager/2.0.0.2
- version/ibm rational quality manager/2.0.1
- version/ibm rational quality manager/2.0.1.1
- version/ibm rational quality manager/3.0
- version/ibm rational quality manager/3.0.1
- version/ibm rational quality manager/3.0.1.1
- version/ibm rational quality manager/3.0.1.2
- version/ibm rational quality manager/3.0.1.3
- version/ibm rational quality manager/3.0.1.4
- version/ibm rational quality manager/3.0.1.5
- version/ibm rational quality manager/3.0.1.6
- version/ibm rational quality manager/4.0
- version/ibm rational quality manager/4.0.0.1
- version/ibm rational quality manager/4.0.0.2
- version/ibm rational quality manager/4.0.1
- version/ibm rational quality manager/4.0.2
- version/ibm rational quality manager/4.0.3
- version/ibm rational quality manager/4.0.4
- version/ibm rational quality manager/4.0.5
- version/ibm rational quality manager/4.0.6
- version/ibm rational quality manager/4.0.7
- version/ibm rational quality manager/5.0.0
- version/ibm rational quality manager/5.0.1