What is the severity of CVE-2017-1312?

CVE-2017-1312 is considered a medium severity vulnerability due to its potential for cross-site scripting attacks.

How do I fix CVE-2017-1312?

To fix CVE-2017-1312, you should apply the latest updates and patches provided by IBM for Rational Quality Manager and Collaborative Lifecycle Management.

Which IBM products are affected by CVE-2017-1312?

CVE-2017-1312 affects IBM Rational Quality Manager versions 5.0 to 5.0.2 and 6.0 to 6.0.5, as well as IBM Rational Collaborative Lifecycle Management versions 5.0 to 5.0.2 and 6.0 to 6.0.5.

What types of attacks can exploit CVE-2017-1312?

CVE-2017-1312 can be exploited to perform cross-site scripting attacks that allow an attacker to inject arbitrary JavaScript code into the web application.

Are there any workarounds for CVE-2017-1312 before applying patches?

While it is highly recommended to apply patches, avoiding user-generated content in the web UI can serve as a temporary workaround for CVE-2017-1312.

Vulnerability/
CVE-2017-1312

medium

5.4

CWE

3/7/2018

17/9/2024

CVE-2017-1312: XSS

First published: Tue Jul 03 2018(Updated: )

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Collaborative Lifecycle Management	=5.0
IBM Collaborative Lifecycle Management	=5.0.1
IBM Collaborative Lifecycle Management	=5.0.2
IBM Collaborative Lifecycle Management	=6.0
IBM Collaborative Lifecycle Management	=6.0.1
IBM Collaborative Lifecycle Management	=6.0.2
IBM Collaborative Lifecycle Management	=6.0.3
IBM Collaborative Lifecycle Management	=6.0.4
IBM Collaborative Lifecycle Management	=6.0.5
IBM Rational Quality Manager	=5.0
IBM Rational Quality Manager	=5.0.1
IBM Rational Quality Manager	=5.0.2
IBM Rational Quality Manager	=6.0
IBM Rational Quality Manager	=6.0.1
IBM Rational Quality Manager	=6.0.2
IBM Rational Quality Manager	=6.0.3
IBM Rational Quality Manager	=6.0.4
IBM Rational Quality Manager	=6.0.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1312?
CVE-2017-1312 is considered a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2017-1312?
To fix CVE-2017-1312, you should apply the latest updates and patches provided by IBM for Rational Quality Manager and Collaborative Lifecycle Management.
Which IBM products are affected by CVE-2017-1312?
CVE-2017-1312 affects IBM Rational Quality Manager versions 5.0 to 5.0.2 and 6.0 to 6.0.5, as well as IBM Rational Collaborative Lifecycle Management versions 5.0 to 5.0.2 and 6.0 to 6.0.5.
What types of attacks can exploit CVE-2017-1312?
CVE-2017-1312 can be exploited to perform cross-site scripting attacks that allow an attacker to inject arbitrary JavaScript code into the web application.
Are there any workarounds for CVE-2017-1312 before applying patches?
While it is highly recommended to apply patches, avoiding user-generated content in the web UI can serve as a temporary workaround for CVE-2017-1312.

agent/references
agent/type
agent/softwarecombine
agent/severity
agent/author
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm collaborative lifecycle management
version/ibm collaborative lifecycle management/5.0
version/ibm collaborative lifecycle management/5.0.1
version/ibm collaborative lifecycle management/5.0.2
version/ibm collaborative lifecycle management/6.0
version/ibm collaborative lifecycle management/6.0.1
version/ibm collaborative lifecycle management/6.0.2
version/ibm collaborative lifecycle management/6.0.3
version/ibm collaborative lifecycle management/6.0.4
version/ibm collaborative lifecycle management/6.0.5
canonical/ibm rational quality manager
version/ibm rational quality manager/5.0
version/ibm rational quality manager/5.0.1
version/ibm rational quality manager/5.0.2
version/ibm rational quality manager/6.0
version/ibm rational quality manager/6.0.1
version/ibm rational quality manager/6.0.2
version/ibm rational quality manager/6.0.3
version/ibm rational quality manager/6.0.4
version/ibm rational quality manager/6.0.5

Frequently Asked Questions

What is the severity of CVE-2017-1312?
CVE-2017-1312 is considered a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2017-1312?
To fix CVE-2017-1312, you should apply the latest updates and patches provided by IBM for Rational Quality Manager and Collaborative Lifecycle Management.
Which IBM products are affected by CVE-2017-1312?
CVE-2017-1312 affects IBM Rational Quality Manager versions 5.0 to 5.0.2 and 6.0 to 6.0.5, as well as IBM Rational Collaborative Lifecycle Management versions 5.0 to 5.0.2 and 6.0 to 6.0.5.
What types of attacks can exploit CVE-2017-1312?
CVE-2017-1312 can be exploited to perform cross-site scripting attacks that allow an attacker to inject arbitrary JavaScript code into the web application.
Are there any workarounds for CVE-2017-1312 before applying patches?
While it is highly recommended to apply patches, avoiding user-generated content in the web UI can serve as a temporary workaround for CVE-2017-1312.

CVE-2017-1312: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1312?

How do I fix CVE-2017-1312?

Which IBM products are affected by CVE-2017-1312?

What types of attacks can exploit CVE-2017-1312?

Are there any workarounds for CVE-2017-1312 before applying patches?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-1312?

How do I fix CVE-2017-1312?

Which IBM products are affected by CVE-2017-1312?

What types of attacks can exploit CVE-2017-1312?

Are there any workarounds for CVE-2017-1312 before applying patches?