CVE-2017-1168: XSS
First published: Thu Aug 10 2017(Updated: )
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Engineering Lifecycle Manager | =4.0.3 | |
| IBM Engineering Lifecycle Manager | =4.0.4 | |
| IBM Engineering Lifecycle Manager | =4.0.5 | |
| IBM Engineering Lifecycle Manager | =4.0.6 | |
| IBM Engineering Lifecycle Manager | =4.0.7 | |
| IBM Engineering Lifecycle Manager | =5.0.0 | |
| IBM Engineering Lifecycle Manager | =5.0.1 | |
| IBM Engineering Lifecycle Manager | =5.0.2 | |
| IBM Engineering Lifecycle Manager | =6.0.0 | |
| IBM Engineering Lifecycle Manager | =6.0.1 | |
| IBM Engineering Lifecycle Manager | =6.0.2 | |
| IBM Engineering Lifecycle Manager | =6.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1168?
The severity of CVE-2017-1168 is classified as medium due to the potential for cross-site scripting attacks.
How do I fix CVE-2017-1168?
To fix CVE-2017-1168, users should apply the latest patches or updates provided by IBM for the affected versions of Rational Engineering Lifecycle Manager.
What versions of IBM Rational Engineering Lifecycle Manager are affected by CVE-2017-1168?
CVE-2017-1168 affects IBM Rational Engineering Lifecycle Manager versions 4.0, 5.0, and 6.0 specifically 4.0.3 to 6.0.3.
What type of vulnerability is CVE-2017-1168?
CVE-2017-1168 is a cross-site scripting (XSS) vulnerability.
What impact does CVE-2017-1168 have on users?
CVE-2017-1168 can lead to unauthorized execution of JavaScript in a user's session, potentially resulting in sensitive data disclosure.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/author
- agent/references
- agent/remedy
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm engineering lifecycle manager
- version/ibm engineering lifecycle manager/4.0.3
- version/ibm engineering lifecycle manager/4.0.4
- version/ibm engineering lifecycle manager/4.0.5
- version/ibm engineering lifecycle manager/4.0.6
- version/ibm engineering lifecycle manager/4.0.7
- version/ibm engineering lifecycle manager/5.0.0
- version/ibm engineering lifecycle manager/5.0.1
- version/ibm engineering lifecycle manager/5.0.2
- version/ibm engineering lifecycle manager/6.0.0
- version/ibm engineering lifecycle manager/6.0.1
- version/ibm engineering lifecycle manager/6.0.2
- version/ibm engineering lifecycle manager/6.0.3