What is the severity of CVE-2016-9747?

CVE-2016-9747 is classified as a medium severity vulnerability due to the potential for cross-site scripting attacks.

How can I mitigate CVE-2016-9747?

To fix CVE-2016-9747, ensure you upgrade to a patched version of IBM Engineering Lifecycle Manager or IBM Collaborative Lifecycle Management.

Which versions are affected by CVE-2016-9747?

CVE-2016-9747 affects IBM Engineering Lifecycle Manager versions 4.0 through 6.0, and IBM Collaborative Lifecycle Management versions 4.0 through 6.0.

What type of vulnerability is CVE-2016-9747?

CVE-2016-9747 is a cross-site scripting (XSS) vulnerability that allows embedding arbitrary JavaScript in the web user interface.

What are the potential impacts of CVE-2016-9747?

The exploitation of CVE-2016-9747 could lead to the disclosure of sensitive information, including user credentials within a trusted session.

Vulnerability/
CVE-2016-9747

medium

5.4

CWE

22/6/2017

6/8/2024

CVE-2016-9747: XSS

First published: Thu Jun 22 2017(Updated: )

IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Engineering Lifecycle Manager	=4.0.3
IBM Engineering Lifecycle Manager	=4.0.4
IBM Engineering Lifecycle Manager	=4.0.5
IBM Engineering Lifecycle Manager	=4.0.6
IBM Engineering Lifecycle Manager	=4.0.7
IBM Engineering Lifecycle Manager	=5.0.0
IBM Engineering Lifecycle Manager	=5.0.1
IBM Engineering Lifecycle Manager	=5.0.2
IBM Engineering Lifecycle Manager	=6.0.0
IBM Engineering Lifecycle Manager	=6.0.1
IBM Engineering Lifecycle Manager	=6.0.2
IBM Collaborative Lifecycle Management	=4.0.0
IBM Collaborative Lifecycle Management	=4.0.1
IBM Collaborative Lifecycle Management	=4.0.2
IBM Collaborative Lifecycle Management	=4.0.3
IBM Collaborative Lifecycle Management	=4.0.4
IBM Collaborative Lifecycle Management	=4.0.5
IBM Collaborative Lifecycle Management	=4.0.6
IBM Collaborative Lifecycle Management	=4.0.7
IBM Collaborative Lifecycle Management	=5.0.0
IBM Collaborative Lifecycle Management	=5.0.1
IBM Collaborative Lifecycle Management	=5.0.2
IBM Collaborative Lifecycle Management	=6.0.0
IBM Collaborative Lifecycle Management	=6.0.1
IBM Collaborative Lifecycle Management	=6.0.2

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22004734

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9747?
CVE-2016-9747 is classified as a medium severity vulnerability due to the potential for cross-site scripting attacks.
How can I mitigate CVE-2016-9747?
To fix CVE-2016-9747, ensure you upgrade to a patched version of IBM Engineering Lifecycle Manager or IBM Collaborative Lifecycle Management.
Which versions are affected by CVE-2016-9747?
CVE-2016-9747 affects IBM Engineering Lifecycle Manager versions 4.0 through 6.0, and IBM Collaborative Lifecycle Management versions 4.0 through 6.0.
What type of vulnerability is CVE-2016-9747?
CVE-2016-9747 is a cross-site scripting (XSS) vulnerability that allows embedding arbitrary JavaScript in the web user interface.
What are the potential impacts of CVE-2016-9747?
The exploitation of CVE-2016-9747 could lead to the disclosure of sensitive information, including user credentials within a trusted session.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/weakness
agent/severity
agent/remedy
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm engineering lifecycle manager
version/ibm engineering lifecycle manager/4.0.3
version/ibm engineering lifecycle manager/4.0.4
version/ibm engineering lifecycle manager/4.0.5
version/ibm engineering lifecycle manager/4.0.6
version/ibm engineering lifecycle manager/4.0.7
version/ibm engineering lifecycle manager/5.0.0
version/ibm engineering lifecycle manager/5.0.1
version/ibm engineering lifecycle manager/5.0.2
version/ibm engineering lifecycle manager/6.0.0
version/ibm engineering lifecycle manager/6.0.1
version/ibm engineering lifecycle manager/6.0.2
canonical/ibm collaborative lifecycle management
version/ibm collaborative lifecycle management/4.0.0
version/ibm collaborative lifecycle management/4.0.1
version/ibm collaborative lifecycle management/4.0.2
version/ibm collaborative lifecycle management/4.0.3
version/ibm collaborative lifecycle management/4.0.4
version/ibm collaborative lifecycle management/4.0.5
version/ibm collaborative lifecycle management/4.0.6
version/ibm collaborative lifecycle management/4.0.7
version/ibm collaborative lifecycle management/5.0.0
version/ibm collaborative lifecycle management/5.0.1
version/ibm collaborative lifecycle management/5.0.2
version/ibm collaborative lifecycle management/6.0.0
version/ibm collaborative lifecycle management/6.0.1
version/ibm collaborative lifecycle management/6.0.2