CVE-2017-1247: XSS
First published: Mon Jun 12 2017(Updated: )
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational DOORS Next Generation | =5.0 | |
| IBM Rational DOORS Next Generation | =5.0.0 | |
| IBM Rational DOORS Next Generation | =5.0.1 | |
| IBM Rational DOORS Next Generation | =5.0.2 | |
| IBM Rational DOORS Next Generation | =6.0.0 | |
| IBM Rational DOORS Next Generation | =6.0.1 | |
| IBM Rational DOORS Next Generation | =6.0.2 | |
| IBM Rational DOORS Next Generation | =6.0.3 | |
| IBM Rational Requirements Composer | =4.0.1 | |
| IBM Rational Requirements Composer | =4.0.2 | |
| IBM Rational Requirements Composer | =4.0.3 | |
| IBM Rational Requirements Composer | =4.0.4 | |
| IBM Rational Requirements Composer | =4.0.5 | |
| IBM Rational Requirements Composer | =4.0.6 | |
| IBM Rational Requirements Composer | =4.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1247?
CVE-2017-1247 has a medium severity rating due to its potential for cross-site scripting attacks that can lead to credential disclosure.
How do I fix CVE-2017-1247?
To remediate CVE-2017-1247, update IBM DOORS Next Generation or Rational Requirements Composer to the latest patched version.
What versions are affected by CVE-2017-1247?
CVE-2017-1247 affects IBM DOORS Next Generation versions 4.0, 5.0, 5.0.1, 5.0.2, 6.0.0, 6.0.1, 6.0.2, and 6.0.3, as well as Rational Requirements Composer versions 4.0.1 through 4.0.7.
What are the potential impacts of CVE-2017-1247?
The potential impacts of CVE-2017-1247 include unauthorized modification of web applications and compromised user credentials within a trusted session.
Is user interaction required to exploit CVE-2017-1247?
Yes, exploitation of CVE-2017-1247 typically requires victim user interaction to execute the embedded JavaScript.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm rational doors next generation
- version/ibm rational doors next generation/5.0
- version/ibm rational doors next generation/5.0.0
- version/ibm rational doors next generation/5.0.1
- version/ibm rational doors next generation/5.0.2
- version/ibm rational doors next generation/6.0.0
- version/ibm rational doors next generation/6.0.1
- version/ibm rational doors next generation/6.0.2
- version/ibm rational doors next generation/6.0.3
- canonical/ibm rational requirements composer
- version/ibm rational requirements composer/4.0.1
- version/ibm rational requirements composer/4.0.2
- version/ibm rational requirements composer/4.0.3
- version/ibm rational requirements composer/4.0.4
- version/ibm rational requirements composer/4.0.5
- version/ibm rational requirements composer/4.0.6
- version/ibm rational requirements composer/4.0.7