CVE-2017-1250: XSS
First published: Tue Jul 03 2018(Updated: )
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Quality Manager | =5.0.0 | |
| IBM Rational Quality Manager | =5.0.1 | |
| IBM Rational Quality Manager | =5.0.2 | |
| IBM Rational Quality Manager | =6.0.0 | |
| IBM Rational Quality Manager | =6.0.1 | |
| IBM Rational Quality Manager | =6.0.2 | |
| IBM Rational Quality Manager | =6.0.3 | |
| IBM Rational Quality Manager | =6.0.4 | |
| IBM Rational Quality Manager | =6.0.5 | |
| IBM Collaborative Lifecycle Management | =5.0.0 | |
| IBM Collaborative Lifecycle Management | =5.0.1 | |
| IBM Collaborative Lifecycle Management | =5.0.2 | |
| IBM Collaborative Lifecycle Management | =6.0.0 | |
| IBM Collaborative Lifecycle Management | =6.0.1 | |
| IBM Collaborative Lifecycle Management | =6.0.2 | |
| IBM Collaborative Lifecycle Management | =6.0.3 | |
| IBM Collaborative Lifecycle Management | =6.0.4 | |
| IBM Collaborative Lifecycle Management | =6.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1250?
CVE-2017-1250 is classified as a medium severity cross-site scripting vulnerability.
How do I fix CVE-2017-1250?
To fix CVE-2017-1250, update IBM Rational Quality Manager or IBM Rational Collaborative Lifecycle Management to the latest patched version.
What systems are affected by CVE-2017-1250?
CVE-2017-1250 affects IBM Rational Quality Manager versions 5.0.0 to 5.0.2 and 6.0.0 to 6.0.5, as well as IBM Rational Collaborative Lifecycle Management versions 5.0.0 to 5.0.2 and 6.0.0 to 6.0.5.
What kind of attack can be executed using CVE-2017-1250?
CVE-2017-1250 allows attackers to execute arbitrary JavaScript code in the web user interface of the affected products.
Is there a workaround for CVE-2017-1250?
There is no specified workaround for CVE-2017-1250, so upgrading to the updated version is recommended.
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational quality manager
- version/ibm rational quality manager/5.0.0
- version/ibm rational quality manager/5.0.1
- version/ibm rational quality manager/5.0.2
- version/ibm rational quality manager/6.0.0
- version/ibm rational quality manager/6.0.1
- version/ibm rational quality manager/6.0.2
- version/ibm rational quality manager/6.0.3
- version/ibm rational quality manager/6.0.4
- version/ibm rational quality manager/6.0.5
- canonical/ibm collaborative lifecycle management
- version/ibm collaborative lifecycle management/5.0.0
- version/ibm collaborative lifecycle management/5.0.1
- version/ibm collaborative lifecycle management/5.0.2
- version/ibm collaborative lifecycle management/6.0.0
- version/ibm collaborative lifecycle management/6.0.1
- version/ibm collaborative lifecycle management/6.0.2
- version/ibm collaborative lifecycle management/6.0.3
- version/ibm collaborative lifecycle management/6.0.4
- version/ibm collaborative lifecycle management/6.0.5