What is the severity of CVE-2017-1276?

CVE-2017-1276 has a high severity rating due to its potential for cross-site scripting leading to credential disclosure.

How do I fix CVE-2017-1276?

To fix CVE-2017-1276, apply the latest security updates from IBM for affected versions of Rational DOORS Next Generation and Rational Requirements Composer.

What versions are affected by CVE-2017-1276?

CVE-2017-1276 affects IBM Rational DOORS Next Generation versions 4.0, 5.0, and 6.0, as well as multiple versions of IBM Rational Requirements Composer.

What are the potential impacts of CVE-2017-1276?

The potential impacts of CVE-2017-1276 include unauthorized access to user credentials and manipulation of the web application.

Is CVE-2017-1276 a client-side or server-side vulnerability?

CVE-2017-1276 is primarily a client-side vulnerability that exploits the web application's handling of user input.

Vulnerability/
CVE-2017-1276

medium

5.4

CWE

12/6/2017

5/8/2024

CVE-2017-1276: XSS

First published: Mon Jun 12 2017(Updated: )

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Rational DOORS	=5.0
IBM Rational DOORS	=5.0.0
IBM Rational DOORS	=5.0.1
IBM Rational DOORS	=5.0.2
IBM Rational DOORS	=6.0.0
IBM Rational DOORS	=6.0.1
IBM Rational DOORS	=6.0.2
IBM Rational DOORS	=6.0.3
IBM Rational Requirements Composer	=4.0.1
IBM Rational Requirements Composer	=4.0.2
IBM Rational Requirements Composer	=4.0.3
IBM Rational Requirements Composer	=4.0.4
IBM Rational Requirements Composer	=4.0.5
IBM Rational Requirements Composer	=4.0.6
IBM Rational Requirements Composer	=4.0.7

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22002809

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1276?
CVE-2017-1276 has a high severity rating due to its potential for cross-site scripting leading to credential disclosure.
How do I fix CVE-2017-1276?
To fix CVE-2017-1276, apply the latest security updates from IBM for affected versions of Rational DOORS Next Generation and Rational Requirements Composer.
What versions are affected by CVE-2017-1276?
CVE-2017-1276 affects IBM Rational DOORS Next Generation versions 4.0, 5.0, and 6.0, as well as multiple versions of IBM Rational Requirements Composer.
What are the potential impacts of CVE-2017-1276?
The potential impacts of CVE-2017-1276 include unauthorized access to user credentials and manipulation of the web application.
Is CVE-2017-1276 a client-side or server-side vulnerability?
CVE-2017-1276 is primarily a client-side vulnerability that exploits the web application's handling of user input.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/references
agent/last-modified-date
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm rational doors
version/ibm rational doors/5.0
version/ibm rational doors/5.0.0
version/ibm rational doors/5.0.1
version/ibm rational doors/5.0.2
version/ibm rational doors/6.0.0
version/ibm rational doors/6.0.1
version/ibm rational doors/6.0.2
version/ibm rational doors/6.0.3
canonical/ibm rational requirements composer
version/ibm rational requirements composer/4.0.1
version/ibm rational requirements composer/4.0.2
version/ibm rational requirements composer/4.0.3
version/ibm rational requirements composer/4.0.4
version/ibm rational requirements composer/4.0.5
version/ibm rational requirements composer/4.0.6
version/ibm rational requirements composer/4.0.7