What is the severity of CVE-2016-6035?

CVE-2016-6035 is considered a high severity vulnerability due to its potential for credential disclosure through cross-site scripting.

How do I fix CVE-2016-6035?

To fix CVE-2016-6035, users must update their IBM Rational Quality Manager or IBM Rational Team Concert to the latest patched version provided by IBM.

Which versions of software are affected by CVE-2016-6035?

CVE-2016-6035 affects multiple versions of IBM Rational Quality Manager and IBM Rational Team Concert from 4.0.0 to 6.0.2.

What types of attacks can exploit CVE-2016-6035?

CVE-2016-6035 can be exploited through cross-site scripting attacks allowing attackers to inject JavaScript into the web interface.

Is user input filtering a solution for CVE-2016-6035?

While user input filtering can mitigate risks, it is essential to apply the official fixes to fully address CVE-2016-6035.

Vulnerability/
CVE-2016-6035

medium

5.4

CWE

10/5/2017

6/8/2024

CVE-2016-6035: XSS

First published: Wed May 10 2017(Updated: )

IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Rational Team Concert	=4.0.0
IBM Rational Team Concert	=4.0.1
IBM Rational Team Concert	=4.0.2
IBM Rational Team Concert	=4.0.3
IBM Rational Team Concert	=4.0.4
IBM Rational Team Concert	=4.0.5
IBM Rational Team Concert	=4.0.6
IBM Rational Team Concert	=4.0.7
IBM Rational Team Concert	=5.0.0
IBM Rational Team Concert	=5.0.1
IBM Rational Team Concert	=5.0.2
IBM Rational Team Concert	=6.0.0
IBM Rational Team Concert	=6.0.1
IBM Rational Team Concert	=6.0.2
IBM Rational Team Concert	=6.0.3
IBM Rational Quality Manager	=4.0.0
IBM Rational Quality Manager	=4.0.1
IBM Rational Quality Manager	=4.0.2
IBM Rational Quality Manager	=4.0.3
IBM Rational Quality Manager	=4.0.4
IBM Rational Quality Manager	=4.0.5
IBM Rational Quality Manager	=4.0.6
IBM Rational Quality Manager	=4.0.7
IBM Rational Quality Manager	=5.0.0
IBM Rational Quality Manager	=5.0.1
IBM Rational Quality Manager	=5.0.2
IBM Rational Quality Manager	=6.0.0
IBM Rational Quality Manager	=6.0.1
IBM Rational Quality Manager	=6.0.2

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22002429

Never miss a vulnerability like this again

Reference Links

http://www.ibm.com/support/docview.wss?uid=swg22002429

Frequently Asked Questions

What is the severity of CVE-2016-6035?
CVE-2016-6035 is considered a high severity vulnerability due to its potential for credential disclosure through cross-site scripting.
How do I fix CVE-2016-6035?
To fix CVE-2016-6035, users must update their IBM Rational Quality Manager or IBM Rational Team Concert to the latest patched version provided by IBM.
Which versions of software are affected by CVE-2016-6035?
CVE-2016-6035 affects multiple versions of IBM Rational Quality Manager and IBM Rational Team Concert from 4.0.0 to 6.0.2.
What types of attacks can exploit CVE-2016-6035?
CVE-2016-6035 can be exploited through cross-site scripting attacks allowing attackers to inject JavaScript into the web interface.
Is user input filtering a solution for CVE-2016-6035?
While user input filtering can mitigate risks, it is essential to apply the official fixes to fully address CVE-2016-6035.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/references
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm rational team concert
version/ibm rational team concert/4.0.0
version/ibm rational team concert/4.0.1
version/ibm rational team concert/4.0.2
version/ibm rational team concert/4.0.3
version/ibm rational team concert/4.0.4
version/ibm rational team concert/4.0.5
version/ibm rational team concert/4.0.6
version/ibm rational team concert/4.0.7
version/ibm rational team concert/5.0.0
version/ibm rational team concert/5.0.1
version/ibm rational team concert/5.0.2
version/ibm rational team concert/6.0.0
version/ibm rational team concert/6.0.1
version/ibm rational team concert/6.0.2
version/ibm rational team concert/6.0.3
canonical/ibm rational quality manager
version/ibm rational quality manager/4.0.0
version/ibm rational quality manager/4.0.1
version/ibm rational quality manager/4.0.2
version/ibm rational quality manager/4.0.3
version/ibm rational quality manager/4.0.4
version/ibm rational quality manager/4.0.5
version/ibm rational quality manager/4.0.6
version/ibm rational quality manager/4.0.7
version/ibm rational quality manager/5.0.0
version/ibm rational quality manager/5.0.1
version/ibm rational quality manager/5.0.2
version/ibm rational quality manager/6.0.0
version/ibm rational quality manager/6.0.1
version/ibm rational quality manager/6.0.2