CVE-2016-2926: XSS
First published: Fri Nov 25 2016(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Team Concert | =3.0.1.6 | |
| IBM Rational Team Concert | =4.0.0 | |
| IBM Rational Team Concert | =4.0.1 | |
| IBM Rational Team Concert | =4.0.2 | |
| IBM Rational Team Concert | =4.0.3 | |
| IBM Rational Team Concert | =4.0.4 | |
| IBM Rational Team Concert | =4.0.5 | |
| IBM Rational Team Concert | =4.0.6 | |
| IBM Rational Team Concert | =4.0.7 | |
| IBM Rational Team Concert | =5.0.0 | |
| IBM Rational Team Concert | =5.0.1 | |
| IBM Rational Team Concert | =5.0.2 | |
| IBM Rational Team Concert | =6.0.0 | |
| IBM Rational Team Concert | =6.0.1 | |
| IBM Rational Team Concert | =6.0.2 | |
| IBM Rational Rhapsody | =4.0 | |
| IBM Rational Rhapsody | =4.0.1 | |
| IBM Rational Rhapsody | =4.0.2 | |
| IBM Rational Rhapsody | =4.0.3 | |
| IBM Rational Rhapsody | =4.0.4 | |
| IBM Rational Rhapsody | =4.0.5 | |
| IBM Rational Rhapsody | =4.0.6 | |
| IBM Rational Rhapsody | =4.0.7 | |
| IBM Rational Rhapsody | =5.0.0 | |
| IBM Rational Rhapsody | =5.0.1 | |
| IBM Rational Rhapsody | =5.0.2 | |
| IBM Rational Rhapsody | =6.0.0 | |
| IBM Rational Rhapsody | =6.0.1 | |
| IBM Rational Rhapsody | =6.0.2 | |
| IBM Engineering Lifecycle Manager | =4.0.0 | |
| IBM Engineering Lifecycle Manager | =4.0.1 | |
| IBM Engineering Lifecycle Manager | =4.0.2 | |
| IBM Engineering Lifecycle Manager | =4.0.3 | |
| IBM Engineering Lifecycle Manager | =4.0.4 | |
| IBM Engineering Lifecycle Manager | =4.0.5 | |
| IBM Engineering Lifecycle Manager | =4.0.6 | |
| IBM Engineering Lifecycle Manager | =4.0.7 | |
| IBM Engineering Lifecycle Manager | =5.0.0 | |
| IBM Engineering Lifecycle Manager | =5.0.1 | |
| IBM Engineering Lifecycle Manager | =5.0.2 | |
| IBM Engineering Lifecycle Manager | =6.0.0 | |
| IBM Engineering Lifecycle Manager | =6.0.1 | |
| IBM Engineering Lifecycle Manager | =6.0.2 | |
| IBM Rational Quality Manager | =3.0.1.6 | |
| IBM Rational Quality Manager | =4.0.0 | |
| IBM Rational Quality Manager | =4.0.1 | |
| IBM Rational Quality Manager | =4.0.2 | |
| IBM Rational Quality Manager | =4.0.3 | |
| IBM Rational Quality Manager | =4.0.4 | |
| IBM Rational Quality Manager | =4.0.5 | |
| IBM Rational Quality Manager | =4.0.6 | |
| IBM Rational Quality Manager | =4.0.7 | |
| IBM Rational Quality Manager | =5.0.0 | |
| IBM Rational Quality Manager | =5.0.1 | |
| IBM Rational Quality Manager | =5.0.2 | |
| IBM Rational Quality Manager | =6.0.0 | |
| IBM Rational Quality Manager | =6.0.1 | |
| IBM Rational Quality Manager | =6.0.2 | |
| IBM Collaborative Lifecycle Management | =3.0.1.6 | |
| IBM Collaborative Lifecycle Management | =4.0.0 | |
| IBM Collaborative Lifecycle Management | =4.0.1 | |
| IBM Collaborative Lifecycle Management | =4.0.2 | |
| IBM Collaborative Lifecycle Management | =4.0.3 | |
| IBM Collaborative Lifecycle Management | =4.0.4 | |
| IBM Collaborative Lifecycle Management | =4.0.5 | |
| IBM Collaborative Lifecycle Management | =4.0.6 | |
| IBM Collaborative Lifecycle Management | =4.0.7 | |
| IBM Collaborative Lifecycle Management | =5.0.0 | |
| IBM Collaborative Lifecycle Management | =5.0.1 | |
| IBM Collaborative Lifecycle Management | =5.0.2 | |
| IBM Collaborative Lifecycle Management | =6.0.0 | |
| IBM Collaborative Lifecycle Management | =6.0.1 | |
| IBM Collaborative Lifecycle Management | =6.0.2 | |
| IBM Rational Software Architect | =4.0.0 | |
| IBM Rational Software Architect | =4.0.1 | |
| IBM Rational Software Architect | =4.0.2 | |
| IBM Rational Software Architect | =4.0.3 | |
| IBM Rational Software Architect | =4.0.4 | |
| IBM Rational Software Architect | =4.0.5 | |
| IBM Rational Software Architect | =4.0.6 | |
| IBM Rational Software Architect | =4.0.7 | |
| IBM Rational Software Architect | =5.0.0 | |
| IBM Rational Software Architect | =5.0.1 | |
| IBM Rational Software Architect | =5.0.2 | |
| IBM Rational Software Architect | =6.0.0 | |
| IBM Rational Software Architect | =6.0.1 | |
| IBM Rational Software Architect | =6.0.2 | |
| IBM Rational DOORS | =4.0.0 | |
| IBM Rational DOORS | =4.0.1 | |
| IBM Rational DOORS | =4.0.2 | |
| IBM Rational DOORS | =4.0.3 | |
| IBM Rational DOORS | =4.0.4 | |
| IBM Rational DOORS | =4.0.5 | |
| IBM Rational DOORS | =4.0.6 | |
| IBM Rational DOORS | =4.0.7 | |
| IBM Rational DOORS | =5.0.0 | |
| IBM Rational DOORS | =5.0.1 | |
| IBM Rational DOORS | =5.0.2 | |
| IBM Rational DOORS | =6.0.0 | |
| IBM Rational DOORS | =6.0.1 | |
| IBM Rational DOORS | =6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-2926?
CVE-2016-2926 has been classified with a medium severity level due to its cross-site scripting (XSS) impact.
How do I fix CVE-2016-2926?
To fix CVE-2016-2926, apply the respective updates or patches provided by IBM for the affected versions of the software.
Which IBM products are affected by CVE-2016-2926?
CVE-2016-2926 affects multiple IBM Rational products including Rational Collaborative Lifecycle Management, Rational Quality Manager, and Rational Team Concert versions prior to specific updates.
Can CVE-2016-2926 be exploited by external attackers?
Yes, CVE-2016-2926 can potentially be exploited by external attackers through crafted scripts delivered to the victim's browser.
What versions of IBM Rational products should be updated regarding CVE-2016-2926?
IBM Rational versions prior to 4.0.7 iFix11 for Collaborative Lifecycle Management, 5.0.2 iFix19 for Quality Manager, and 6.0.2 iFix3 for Team Concert are affected and should be updated.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational team concert
- version/ibm rational team concert/3.0.1.6
- version/ibm rational team concert/4.0.0
- version/ibm rational team concert/4.0.1
- version/ibm rational team concert/4.0.2
- version/ibm rational team concert/4.0.3
- version/ibm rational team concert/4.0.4
- version/ibm rational team concert/4.0.5
- version/ibm rational team concert/4.0.6
- version/ibm rational team concert/4.0.7
- version/ibm rational team concert/5.0.0
- version/ibm rational team concert/5.0.1
- version/ibm rational team concert/5.0.2
- version/ibm rational team concert/6.0.0
- version/ibm rational team concert/6.0.1
- version/ibm rational team concert/6.0.2
- canonical/ibm rational rhapsody
- version/ibm rational rhapsody/4.0
- version/ibm rational rhapsody/4.0.1
- version/ibm rational rhapsody/4.0.2
- version/ibm rational rhapsody/4.0.3
- version/ibm rational rhapsody/4.0.4
- version/ibm rational rhapsody/4.0.5
- version/ibm rational rhapsody/4.0.6
- version/ibm rational rhapsody/4.0.7
- version/ibm rational rhapsody/5.0.0
- version/ibm rational rhapsody/5.0.1
- version/ibm rational rhapsody/5.0.2
- version/ibm rational rhapsody/6.0.0
- version/ibm rational rhapsody/6.0.1
- version/ibm rational rhapsody/6.0.2
- canonical/ibm engineering lifecycle manager
- version/ibm engineering lifecycle manager/4.0.0
- version/ibm engineering lifecycle manager/4.0.1
- version/ibm engineering lifecycle manager/4.0.2
- version/ibm engineering lifecycle manager/4.0.3
- version/ibm engineering lifecycle manager/4.0.4
- version/ibm engineering lifecycle manager/4.0.5
- version/ibm engineering lifecycle manager/4.0.6
- version/ibm engineering lifecycle manager/4.0.7
- version/ibm engineering lifecycle manager/5.0.0
- version/ibm engineering lifecycle manager/5.0.1
- version/ibm engineering lifecycle manager/5.0.2
- version/ibm engineering lifecycle manager/6.0.0
- version/ibm engineering lifecycle manager/6.0.1
- version/ibm engineering lifecycle manager/6.0.2
- canonical/ibm rational quality manager
- version/ibm rational quality manager/3.0.1.6
- version/ibm rational quality manager/4.0.0
- version/ibm rational quality manager/4.0.1
- version/ibm rational quality manager/4.0.2
- version/ibm rational quality manager/4.0.3
- version/ibm rational quality manager/4.0.4
- version/ibm rational quality manager/4.0.5
- version/ibm rational quality manager/4.0.6
- version/ibm rational quality manager/4.0.7
- version/ibm rational quality manager/5.0.0
- version/ibm rational quality manager/5.0.1
- version/ibm rational quality manager/5.0.2
- version/ibm rational quality manager/6.0.0
- version/ibm rational quality manager/6.0.1
- version/ibm rational quality manager/6.0.2
- canonical/ibm collaborative lifecycle management
- version/ibm collaborative lifecycle management/3.0.1.6
- version/ibm collaborative lifecycle management/4.0.0
- version/ibm collaborative lifecycle management/4.0.1
- version/ibm collaborative lifecycle management/4.0.2
- version/ibm collaborative lifecycle management/4.0.3
- version/ibm collaborative lifecycle management/4.0.4
- version/ibm collaborative lifecycle management/4.0.5
- version/ibm collaborative lifecycle management/4.0.6
- version/ibm collaborative lifecycle management/4.0.7
- version/ibm collaborative lifecycle management/5.0.0
- version/ibm collaborative lifecycle management/5.0.1
- version/ibm collaborative lifecycle management/5.0.2
- version/ibm collaborative lifecycle management/6.0.0
- version/ibm collaborative lifecycle management/6.0.1
- version/ibm collaborative lifecycle management/6.0.2
- canonical/ibm rational software architect
- version/ibm rational software architect/4.0.0
- version/ibm rational software architect/4.0.1
- version/ibm rational software architect/4.0.2
- version/ibm rational software architect/4.0.3
- version/ibm rational software architect/4.0.4
- version/ibm rational software architect/4.0.5
- version/ibm rational software architect/4.0.6
- version/ibm rational software architect/4.0.7
- version/ibm rational software architect/5.0.0
- version/ibm rational software architect/5.0.1
- version/ibm rational software architect/5.0.2
- version/ibm rational software architect/6.0.0
- version/ibm rational software architect/6.0.1
- version/ibm rational software architect/6.0.2
- canonical/ibm rational doors
- version/ibm rational doors/4.0.0
- version/ibm rational doors/4.0.1
- version/ibm rational doors/4.0.2
- version/ibm rational doors/4.0.3
- version/ibm rational doors/4.0.4
- version/ibm rational doors/4.0.5
- version/ibm rational doors/4.0.6
- version/ibm rational doors/4.0.7
- version/ibm rational doors/5.0.0
- version/ibm rational doors/5.0.1
- version/ibm rational doors/5.0.2
- version/ibm rational doors/6.0.0
- version/ibm rational doors/6.0.1
- version/ibm rational doors/6.0.2