CVE-2017-1280: XSS
First published: Thu Jun 28 2018(Updated: )
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Quality Manager | =5.0.0 | |
| IBM Rational Quality Manager | =5.0.1 | |
| IBM Rational Quality Manager | =5.0.2 | |
| IBM Rational Quality Manager | =6.0.0 | |
| IBM Rational Quality Manager | =6.0.1 | |
| IBM Rational Quality Manager | =6.0.2 | |
| IBM Rational Quality Manager | =6.0.3 | |
| IBM Rational Quality Manager | =6.0.4 | |
| IBM Rational Quality Manager | =6.0.5 | |
| IBM Collaborative Lifecycle Management | =5.0.0 | |
| IBM Collaborative Lifecycle Management | =5.0.1 | |
| IBM Collaborative Lifecycle Management | =5.0.2 | |
| IBM Collaborative Lifecycle Management | =6.0.0 | |
| IBM Collaborative Lifecycle Management | =6.0.1 | |
| IBM Collaborative Lifecycle Management | =6.0.2 | |
| IBM Collaborative Lifecycle Management | =6.0.3 | |
| IBM Collaborative Lifecycle Management | =6.0.4 | |
| IBM Collaborative Lifecycle Management | =6.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1280?
CVE-2017-1280 has been classified as a moderate severity vulnerability due to its cross-site scripting capabilities.
How do I fix CVE-2017-1280?
To mitigate CVE-2017-1280, ensure you update IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management to the latest patched versions.
Which versions are affected by CVE-2017-1280?
CVE-2017-1280 affects IBM Rational Quality Manager versions 5.0.0 through 5.0.2 and 6.0.0 through 6.0.5, as well as IBM Rational Collaborative Lifecycle Management versions 5.0.0 through 5.0.2 and 6.0.0 through 6.0.5.
What does CVE-2017-1280 allow an attacker to do?
CVE-2017-1280 allows an attacker to embed arbitrary JavaScript code into the Web UI, which can alter functionality and lead to further exploitation.
Is CVE-2017-1280 a local or remote vulnerability?
CVE-2017-1280 is considered a remote vulnerability because it can be exploited through a web interface by an attacker without direct access to the system.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational quality manager
- version/ibm rational quality manager/5.0.0
- version/ibm rational quality manager/5.0.1
- version/ibm rational quality manager/5.0.2
- version/ibm rational quality manager/6.0.0
- version/ibm rational quality manager/6.0.1
- version/ibm rational quality manager/6.0.2
- version/ibm rational quality manager/6.0.3
- version/ibm rational quality manager/6.0.4
- version/ibm rational quality manager/6.0.5
- canonical/ibm collaborative lifecycle management
- version/ibm collaborative lifecycle management/5.0.0
- version/ibm collaborative lifecycle management/5.0.1
- version/ibm collaborative lifecycle management/5.0.2
- version/ibm collaborative lifecycle management/6.0.0
- version/ibm collaborative lifecycle management/6.0.1
- version/ibm collaborative lifecycle management/6.0.2
- version/ibm collaborative lifecycle management/6.0.3
- version/ibm collaborative lifecycle management/6.0.4
- version/ibm collaborative lifecycle management/6.0.5