First published: Thu Jun 28 2018
IBM Jazz-based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Rational Collaborative Lifecycle Management | >=6.0.0, <=6.0.5 | |
IBM Rational Collaborative Lifecycle Management | =5.0.1 | |
IBM Rational Team Concert | >=6.0.0, <=6.0.5 | |
IBM Rational Team Concert | =5.0.1 | |
IBM Rational DOORS Next Generation | >=6.0.0, <=6.0.5 | |
IBM Rational DOORS Next Generation | =5.0.1 | |
IBM Rational Quality Manager | >=6.0.0, <=6.0.5 | |
IBM Rational Quality Manager | =5.0.1 | |
IBM Rational Rhapsody Design Manager | >=6.0.0, <=6.0.5 | |
IBM Rational Rhapsody Design Manager | =5.0.1 | |
IBM Rational Software Architect Design Manager | =5.0.1 | |
IBM Rational Software Architect Design Manager | =6.0.0 | |
IBM Rational Software Architect Design Manager | =6.0.1 | |
IBM Rational Engineering Lifecycle Manager | >=6.0.0, <=6.0.5 | |
IBM Rational Engineering Lifecycle Manager | =5.0.1 | |
CVE-2017-1237 is a vulnerability in IBM Jazz-based applications that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.
IBM Rational Collaborative Lifecycle Management (versions 5.0.1 - 6.0.5), IBM Rational Team Concert (versions 5.0.1 - 6.0.5), IBM Rational DOORS Next Generation (versions 5.0.1 - 6.0.5), IBM Rational Quality Manager (versions 5.0.1 - 6.0.5), IBM Rational Rhapsody Design Manager (versions 5.0.1 - 6.0.5), IBM Rational Software Architect Design Manager (versions 5.0.1 - 6.0.1), and IBM Rational Engineering Lifecycle Manager (versions 5.0.1 - 6.0.5) are affected by CVE-2017-1237.
CVE-2017-1237 has a severity rating of medium (5.4/10).
Apply the necessary patches provided by IBM to fix the CVE-2017-1237 vulnerability in the affected applications.
You can find more information about CVE-2017-1237 at the following references: [Reference 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/124355) and [Reference 2](https://www-prd-trops.events.ibm.com/node/715709).