What is the severity of CVE-2016-9694?

CVE-2016-9694 has a medium severity rating as it allows cross-site scripting, potentially leading to credential disclosure.

How do I fix CVE-2016-9694?

To fix CVE-2016-9694, you should upgrade to a patched version of IBM Rhapsody Design Manager as recommended by IBM.

Which versions of IBM Rhapsody are affected by CVE-2016-9694?

CVE-2016-9694 affects IBM Rhapsody Design Manager versions 4.0, 5.0, and 6.0, including their respective minor updates.

What is the impact of CVE-2016-9694?

The impact of CVE-2016-9694 includes the ability to execute arbitrary JavaScript code in the web UI, potentially compromising user credentials.

Is there a workaround for CVE-2016-9694?

There is no specific workaround for CVE-2016-9694, and the best course of action is to apply the necessary updates.

Vulnerability/
CVE-2016-9694

medium

5.4

CWE

20/3/2017

6/8/2024

CVE-2016-9694: XSS

First published: Mon Mar 20 2017(Updated: )

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Rhapsody Design Manager	=4.0
IBM Rhapsody Design Manager	=4.0.1
IBM Rhapsody Design Manager	=4.0.2
IBM Rhapsody Design Manager	=4.0.3
IBM Rhapsody Design Manager	=4.0.4
IBM Rhapsody Design Manager	=4.0.5
IBM Rhapsody Design Manager	=4.0.6
IBM Rhapsody Design Manager	=4.0.7
IBM Rhapsody Design Manager	=5.0
IBM Rhapsody Design Manager	=5.0.1
IBM Rhapsody Design Manager	=5.0.2
IBM Rhapsody Design Manager	=6.0
IBM Rhapsody Design Manager	=6.0.1
IBM Rhapsody Design Manager	=6.0.2

Remedy

http://www.ibm.com/support/docview.wss?uid=swg21999960

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9694?
CVE-2016-9694 has a medium severity rating as it allows cross-site scripting, potentially leading to credential disclosure.
How do I fix CVE-2016-9694?
To fix CVE-2016-9694, you should upgrade to a patched version of IBM Rhapsody Design Manager as recommended by IBM.
Which versions of IBM Rhapsody are affected by CVE-2016-9694?
CVE-2016-9694 affects IBM Rhapsody Design Manager versions 4.0, 5.0, and 6.0, including their respective minor updates.
What is the impact of CVE-2016-9694?
The impact of CVE-2016-9694 includes the ability to execute arbitrary JavaScript code in the web UI, potentially compromising user credentials.
Is there a workaround for CVE-2016-9694?
There is no specific workaround for CVE-2016-9694, and the best course of action is to apply the necessary updates.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/weakness
agent/severity
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm rhapsody design manager
version/ibm rhapsody design manager/4.0
version/ibm rhapsody design manager/4.0.1
version/ibm rhapsody design manager/4.0.2
version/ibm rhapsody design manager/4.0.3
version/ibm rhapsody design manager/4.0.4
version/ibm rhapsody design manager/4.0.5
version/ibm rhapsody design manager/4.0.6
version/ibm rhapsody design manager/4.0.7
version/ibm rhapsody design manager/5.0
version/ibm rhapsody design manager/5.0.1
version/ibm rhapsody design manager/5.0.2
version/ibm rhapsody design manager/6.0
version/ibm rhapsody design manager/6.0.1
version/ibm rhapsody design manager/6.0.2

Frequently Asked Questions

What is the severity of CVE-2016-9694?
CVE-2016-9694 has a medium severity rating as it allows cross-site scripting, potentially leading to credential disclosure.
How do I fix CVE-2016-9694?
To fix CVE-2016-9694, you should upgrade to a patched version of IBM Rhapsody Design Manager as recommended by IBM.
Which versions of IBM Rhapsody are affected by CVE-2016-9694?
CVE-2016-9694 affects IBM Rhapsody Design Manager versions 4.0, 5.0, and 6.0, including their respective minor updates.
What is the impact of CVE-2016-9694?
The impact of CVE-2016-9694 includes the ability to execute arbitrary JavaScript code in the web UI, potentially compromising user credentials.
Is there a workaround for CVE-2016-9694?
There is no specific workaround for CVE-2016-9694, and the best course of action is to apply the necessary updates.

CVE-2016-9694: XSS

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9694?

How do I fix CVE-2016-9694?

Which versions of IBM Rhapsody are affected by CVE-2016-9694?

What is the impact of CVE-2016-9694?

Is there a workaround for CVE-2016-9694?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2016-9694?

How do I fix CVE-2016-9694?

Which versions of IBM Rhapsody are affected by CVE-2016-9694?

What is the impact of CVE-2016-9694?

Is there a workaround for CVE-2016-9694?