What is the severity of CVE-2016-6037?

The severity of CVE-2016-6037 is considered high due to the ability for an attacker to execute arbitrary HTML code in the context of the victim's browser.

How do I fix CVE-2016-6037?

To fix CVE-2016-6037, update to a patched version of IBM Rational Team Concert or Rational Quality Manager as provided by IBM.

Who is affected by CVE-2016-6037?

CVE-2016-6037 affects users of IBM Rational Team Concert and IBM Rational Quality Manager versions 4.0.0 to 6.0.2.

What type of attack is CVE-2016-6037?

CVE-2016-6037 is an HTML injection vulnerability that allows attackers with project administrator privileges to embed malicious HTML.

What are the potential impacts of CVE-2016-6037?

The potential impacts of CVE-2016-6037 include unauthorized exposure of sensitive information and potential session hijacking.

Vulnerability/
CVE-2016-6037

medium

4.8

CWE

10/5/2017

6/8/2024

CVE-2016-6037: XSS

First published: Wed May 10 2017(Updated: )

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Rational Team Concert	=4.0.0
IBM Rational Team Concert	=4.0.1
IBM Rational Team Concert	=4.0.2
IBM Rational Team Concert	=4.0.3
IBM Rational Team Concert	=4.0.4
IBM Rational Team Concert	=4.0.5
IBM Rational Team Concert	=4.0.6
IBM Rational Team Concert	=4.0.7
IBM Rational Team Concert	=5.0.0
IBM Rational Team Concert	=5.0.1
IBM Rational Team Concert	=5.0.2
IBM Rational Team Concert	=6.0.0
IBM Rational Team Concert	=6.0.1
IBM Rational Team Concert	=6.0.2
IBM Rational Team Concert	=6.0.3
IBM Rational Quality Manager	=4.0.0
IBM Rational Quality Manager	=4.0.1
IBM Rational Quality Manager	=4.0.2
IBM Rational Quality Manager	=4.0.3
IBM Rational Quality Manager	=4.0.4
IBM Rational Quality Manager	=4.0.5
IBM Rational Quality Manager	=4.0.6
IBM Rational Quality Manager	=4.0.7
IBM Rational Quality Manager	=5.0.0
IBM Rational Quality Manager	=5.0.1
IBM Rational Quality Manager	=5.0.2
IBM Rational Quality Manager	=6.0.0
IBM Rational Quality Manager	=6.0.1
IBM Rational Quality Manager	=6.0.2

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22002429

Never miss a vulnerability like this again

Reference Links

http://www.ibm.com/support/docview.wss?uid=swg22002429

Frequently Asked Questions

What is the severity of CVE-2016-6037?
The severity of CVE-2016-6037 is considered high due to the ability for an attacker to execute arbitrary HTML code in the context of the victim's browser.
How do I fix CVE-2016-6037?
To fix CVE-2016-6037, update to a patched version of IBM Rational Team Concert or Rational Quality Manager as provided by IBM.
Who is affected by CVE-2016-6037?
CVE-2016-6037 affects users of IBM Rational Team Concert and IBM Rational Quality Manager versions 4.0.0 to 6.0.2.
What type of attack is CVE-2016-6037?
CVE-2016-6037 is an HTML injection vulnerability that allows attackers with project administrator privileges to embed malicious HTML.
What are the potential impacts of CVE-2016-6037?
The potential impacts of CVE-2016-6037 include unauthorized exposure of sensitive information and potential session hijacking.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/references
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm rational team concert
version/ibm rational team concert/4.0.0
version/ibm rational team concert/4.0.1
version/ibm rational team concert/4.0.2
version/ibm rational team concert/4.0.3
version/ibm rational team concert/4.0.4
version/ibm rational team concert/4.0.5
version/ibm rational team concert/4.0.6
version/ibm rational team concert/4.0.7
version/ibm rational team concert/5.0.0
version/ibm rational team concert/5.0.1
version/ibm rational team concert/5.0.2
version/ibm rational team concert/6.0.0
version/ibm rational team concert/6.0.1
version/ibm rational team concert/6.0.2
version/ibm rational team concert/6.0.3
canonical/ibm rational quality manager
version/ibm rational quality manager/4.0.0
version/ibm rational quality manager/4.0.1
version/ibm rational quality manager/4.0.2
version/ibm rational quality manager/4.0.3
version/ibm rational quality manager/4.0.4
version/ibm rational quality manager/4.0.5
version/ibm rational quality manager/4.0.6
version/ibm rational quality manager/4.0.7
version/ibm rational quality manager/5.0.0
version/ibm rational quality manager/5.0.1
version/ibm rational quality manager/5.0.2
version/ibm rational quality manager/6.0.0
version/ibm rational quality manager/6.0.1
version/ibm rational quality manager/6.0.2