CVE-2016-0273: XSS
First published: Thu Nov 24 2016(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational DOORS | =4.0.0 | |
| IBM Rational DOORS | =4.0.1 | |
| IBM Rational DOORS | =4.0.2 | |
| IBM Rational DOORS | =4.0.3 | |
| IBM Rational DOORS | =4.0.4 | |
| IBM Rational DOORS | =4.0.5 | |
| IBM Rational DOORS | =4.0.6 | |
| IBM Rational DOORS | =4.0.7 | |
| IBM Rational DOORS | =5.0.0 | |
| IBM Rational DOORS | =5.0.1 | |
| IBM Rational DOORS | =5.0.2 | |
| IBM Rational DOORS | =6.0.0 | |
| IBM Rational DOORS | =6.0.1 | |
| IBM Rational DOORS | =6.0.2 | |
| IBM Engineering Lifecycle Manager | =4.0.0 | |
| IBM Engineering Lifecycle Manager | =4.0.1 | |
| IBM Engineering Lifecycle Manager | =4.0.2 | |
| IBM Engineering Lifecycle Manager | =4.0.3 | |
| IBM Engineering Lifecycle Manager | =4.0.4 | |
| IBM Engineering Lifecycle Manager | =4.0.5 | |
| IBM Engineering Lifecycle Manager | =4.0.6 | |
| IBM Engineering Lifecycle Manager | =4.0.7 | |
| IBM Engineering Lifecycle Manager | =5.0.0 | |
| IBM Engineering Lifecycle Manager | =5.0.1 | |
| IBM Engineering Lifecycle Manager | =5.0.2 | |
| IBM Engineering Lifecycle Manager | =6.0.0 | |
| IBM Engineering Lifecycle Manager | =6.0.1 | |
| IBM Engineering Lifecycle Manager | =6.0.2 | |
| IBM Collaborative Lifecycle Management | =3.0.1.6 | |
| IBM Collaborative Lifecycle Management | =4.0.0 | |
| IBM Collaborative Lifecycle Management | =4.0.1 | |
| IBM Collaborative Lifecycle Management | =4.0.2 | |
| IBM Collaborative Lifecycle Management | =4.0.3 | |
| IBM Collaborative Lifecycle Management | =4.0.4 | |
| IBM Collaborative Lifecycle Management | =4.0.5 | |
| IBM Collaborative Lifecycle Management | =4.0.6 | |
| IBM Collaborative Lifecycle Management | =4.0.7 | |
| IBM Collaborative Lifecycle Management | =5.0.0 | |
| IBM Collaborative Lifecycle Management | =5.0.1 | |
| IBM Collaborative Lifecycle Management | =5.0.2 | |
| IBM Collaborative Lifecycle Management | =6.0.0 | |
| IBM Collaborative Lifecycle Management | =6.0.1 | |
| IBM Collaborative Lifecycle Management | =6.0.2 | |
| IBM Rational Quality Manager | =3.0.1.6 | |
| IBM Rational Quality Manager | =4.0.0 | |
| IBM Rational Quality Manager | =4.0.1 | |
| IBM Rational Quality Manager | =4.0.2 | |
| IBM Rational Quality Manager | =4.0.3 | |
| IBM Rational Quality Manager | =4.0.4 | |
| IBM Rational Quality Manager | =4.0.5 | |
| IBM Rational Quality Manager | =4.0.6 | |
| IBM Rational Quality Manager | =4.0.7 | |
| IBM Rational Quality Manager | =5.0.0 | |
| IBM Rational Quality Manager | =5.0.1 | |
| IBM Rational Quality Manager | =5.0.2 | |
| IBM Rational Quality Manager | =6.0.0 | |
| IBM Rational Quality Manager | =6.0.1 | |
| IBM Rational Quality Manager | =6.0.2 | |
| IBM Rational Software Architect | =4.0.0 | |
| IBM Rational Software Architect | =4.0.1 | |
| IBM Rational Software Architect | =4.0.2 | |
| IBM Rational Software Architect | =4.0.3 | |
| IBM Rational Software Architect | =4.0.4 | |
| IBM Rational Software Architect | =4.0.5 | |
| IBM Rational Software Architect | =4.0.6 | |
| IBM Rational Software Architect | =4.0.7 | |
| IBM Rational Software Architect | =5.0.0 | |
| IBM Rational Software Architect | =5.0.1 | |
| IBM Rational Software Architect | =5.0.2 | |
| IBM Rational Software Architect | =6.0.0 | |
| IBM Rational Software Architect | =6.0.1 | |
| IBM Rational Software Architect | =6.0.2 | |
| IBM Rational Rhapsody | =4.0 | |
| IBM Rational Rhapsody | =4.0.1 | |
| IBM Rational Rhapsody | =4.0.2 | |
| IBM Rational Rhapsody | =4.0.3 | |
| IBM Rational Rhapsody | =4.0.4 | |
| IBM Rational Rhapsody | =4.0.5 | |
| IBM Rational Rhapsody | =4.0.6 | |
| IBM Rational Rhapsody | =4.0.7 | |
| IBM Rational Rhapsody | =5.0.0 | |
| IBM Rational Rhapsody | =5.0.1 | |
| IBM Rational Rhapsody | =5.0.2 | |
| IBM Rational Rhapsody | =6.0.0 | |
| IBM Rational Rhapsody | =6.0.1 | |
| IBM Rational Rhapsody | =6.0.2 | |
| IBM Rational Team Concert | =3.0.1.6 | |
| IBM Rational Team Concert | =4.0.0 | |
| IBM Rational Team Concert | =4.0.1 | |
| IBM Rational Team Concert | =4.0.2 | |
| IBM Rational Team Concert | =4.0.3 | |
| IBM Rational Team Concert | =4.0.4 | |
| IBM Rational Team Concert | =4.0.5 | |
| IBM Rational Team Concert | =4.0.6 | |
| IBM Rational Team Concert | =4.0.7 | |
| IBM Rational Team Concert | =5.0.0 | |
| IBM Rational Team Concert | =5.0.1 | |
| IBM Rational Team Concert | =5.0.2 | |
| IBM Rational Team Concert | =6.0.0 | |
| IBM Rational Team Concert | =6.0.1 | |
| IBM Rational Team Concert | =6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-0273?
The severity of CVE-2016-0273 is moderate and related to a cross-site scripting vulnerability in IBM products.
How do I fix CVE-2016-0273?
To fix CVE-2016-0273, apply the relevant iFix updates for the affected versions of IBM Rational Collaborative Lifecycle Management and related products.
Which IBM products are affected by CVE-2016-0273?
CVE-2016-0273 affects various versions of IBM Rational Collaborative Lifecycle Management, Rational Quality Manager, and several related products.
When was CVE-2016-0273 disclosed?
CVE-2016-0273 was publicly disclosed in January 2016.
Are there any workarounds for CVE-2016-0273 before patching?
Temporary workarounds for CVE-2016-0273 are not specified but may include limiting user access and ensuring input validation.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational doors
- version/ibm rational doors/4.0.0
- version/ibm rational doors/4.0.1
- version/ibm rational doors/4.0.2
- version/ibm rational doors/4.0.3
- version/ibm rational doors/4.0.4
- version/ibm rational doors/4.0.5
- version/ibm rational doors/4.0.6
- version/ibm rational doors/4.0.7
- version/ibm rational doors/5.0.0
- version/ibm rational doors/5.0.1
- version/ibm rational doors/5.0.2
- version/ibm rational doors/6.0.0
- version/ibm rational doors/6.0.1
- version/ibm rational doors/6.0.2
- canonical/ibm engineering lifecycle manager
- version/ibm engineering lifecycle manager/4.0.0
- version/ibm engineering lifecycle manager/4.0.1
- version/ibm engineering lifecycle manager/4.0.2
- version/ibm engineering lifecycle manager/4.0.3
- version/ibm engineering lifecycle manager/4.0.4
- version/ibm engineering lifecycle manager/4.0.5
- version/ibm engineering lifecycle manager/4.0.6
- version/ibm engineering lifecycle manager/4.0.7
- version/ibm engineering lifecycle manager/5.0.0
- version/ibm engineering lifecycle manager/5.0.1
- version/ibm engineering lifecycle manager/5.0.2
- version/ibm engineering lifecycle manager/6.0.0
- version/ibm engineering lifecycle manager/6.0.1
- version/ibm engineering lifecycle manager/6.0.2
- canonical/ibm collaborative lifecycle management
- version/ibm collaborative lifecycle management/3.0.1.6
- version/ibm collaborative lifecycle management/4.0.0
- version/ibm collaborative lifecycle management/4.0.1
- version/ibm collaborative lifecycle management/4.0.2
- version/ibm collaborative lifecycle management/4.0.3
- version/ibm collaborative lifecycle management/4.0.4
- version/ibm collaborative lifecycle management/4.0.5
- version/ibm collaborative lifecycle management/4.0.6
- version/ibm collaborative lifecycle management/4.0.7
- version/ibm collaborative lifecycle management/5.0.0
- version/ibm collaborative lifecycle management/5.0.1
- version/ibm collaborative lifecycle management/5.0.2
- version/ibm collaborative lifecycle management/6.0.0
- version/ibm collaborative lifecycle management/6.0.1
- version/ibm collaborative lifecycle management/6.0.2
- canonical/ibm rational quality manager
- version/ibm rational quality manager/3.0.1.6
- version/ibm rational quality manager/4.0.0
- version/ibm rational quality manager/4.0.1
- version/ibm rational quality manager/4.0.2
- version/ibm rational quality manager/4.0.3
- version/ibm rational quality manager/4.0.4
- version/ibm rational quality manager/4.0.5
- version/ibm rational quality manager/4.0.6
- version/ibm rational quality manager/4.0.7
- version/ibm rational quality manager/5.0.0
- version/ibm rational quality manager/5.0.1
- version/ibm rational quality manager/5.0.2
- version/ibm rational quality manager/6.0.0
- version/ibm rational quality manager/6.0.1
- version/ibm rational quality manager/6.0.2
- canonical/ibm rational software architect
- version/ibm rational software architect/4.0.0
- version/ibm rational software architect/4.0.1
- version/ibm rational software architect/4.0.2
- version/ibm rational software architect/4.0.3
- version/ibm rational software architect/4.0.4
- version/ibm rational software architect/4.0.5
- version/ibm rational software architect/4.0.6
- version/ibm rational software architect/4.0.7
- version/ibm rational software architect/5.0.0
- version/ibm rational software architect/5.0.1
- version/ibm rational software architect/5.0.2
- version/ibm rational software architect/6.0.0
- version/ibm rational software architect/6.0.1
- version/ibm rational software architect/6.0.2
- canonical/ibm rational rhapsody
- version/ibm rational rhapsody/4.0
- version/ibm rational rhapsody/4.0.1
- version/ibm rational rhapsody/4.0.2
- version/ibm rational rhapsody/4.0.3
- version/ibm rational rhapsody/4.0.4
- version/ibm rational rhapsody/4.0.5
- version/ibm rational rhapsody/4.0.6
- version/ibm rational rhapsody/4.0.7
- version/ibm rational rhapsody/5.0.0
- version/ibm rational rhapsody/5.0.1
- version/ibm rational rhapsody/5.0.2
- version/ibm rational rhapsody/6.0.0
- version/ibm rational rhapsody/6.0.1
- version/ibm rational rhapsody/6.0.2
- canonical/ibm rational team concert
- version/ibm rational team concert/3.0.1.6
- version/ibm rational team concert/4.0.0
- version/ibm rational team concert/4.0.1
- version/ibm rational team concert/4.0.2
- version/ibm rational team concert/4.0.3
- version/ibm rational team concert/4.0.4
- version/ibm rational team concert/4.0.5
- version/ibm rational team concert/4.0.6
- version/ibm rational team concert/4.0.7
- version/ibm rational team concert/5.0.0
- version/ibm rational team concert/5.0.1
- version/ibm rational team concert/5.0.2
- version/ibm rational team concert/6.0.0
- version/ibm rational team concert/6.0.1
- version/ibm rational team concert/6.0.2