What is the severity of CVE-2017-1324?

CVE-2017-1324 is classified as a moderate severity vulnerability due to its potential for cross-site scripting and credentials disclosure.

How do I fix CVE-2017-1324?

To fix CVE-2017-1324, you should apply the latest security patches provided by IBM for the affected versions of IBM Engineering Lifecycle Manager.

Which versions of IBM Engineering Lifecycle Manager are affected by CVE-2017-1324?

CVE-2017-1324 affects IBM Engineering Lifecycle Manager versions 4.0.3 to 6.0.4.

What type of vulnerability is CVE-2017-1324?

CVE-2017-1324 is a cross-site scripting (XSS) vulnerability allowing the embedding of arbitrary JavaScript code.

What could be the consequences of CVE-2017-1324?

The consequences of CVE-2017-1324 include potential credentials disclosure within a trusted session, which can compromise user security.

Vulnerability/
CVE-2017-1324

medium

5.4

CWE

2/10/2017

17/9/2024

CVE-2017-1324: XSS

First published: Mon Oct 02 2017(Updated: )

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Engineering Lifecycle Manager	=4.0.3
IBM Engineering Lifecycle Manager	=4.0.4
IBM Engineering Lifecycle Manager	=4.0.5
IBM Engineering Lifecycle Manager	=4.0.6
IBM Engineering Lifecycle Manager	=4.0.7
IBM Engineering Lifecycle Manager	=5.0.0
IBM Engineering Lifecycle Manager	=5.0.1
IBM Engineering Lifecycle Manager	=5.0.2
IBM Engineering Lifecycle Manager	=6.0.0
IBM Engineering Lifecycle Manager	=6.0.1
IBM Engineering Lifecycle Manager	=6.0.2
IBM Engineering Lifecycle Manager	=6.0.3
IBM Engineering Lifecycle Manager	=6.0.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1324?
CVE-2017-1324 is classified as a moderate severity vulnerability due to its potential for cross-site scripting and credentials disclosure.
How do I fix CVE-2017-1324?
To fix CVE-2017-1324, you should apply the latest security patches provided by IBM for the affected versions of IBM Engineering Lifecycle Manager.
Which versions of IBM Engineering Lifecycle Manager are affected by CVE-2017-1324?
CVE-2017-1324 affects IBM Engineering Lifecycle Manager versions 4.0.3 to 6.0.4.
What type of vulnerability is CVE-2017-1324?
CVE-2017-1324 is a cross-site scripting (XSS) vulnerability allowing the embedding of arbitrary JavaScript code.
What could be the consequences of CVE-2017-1324?
The consequences of CVE-2017-1324 include potential credentials disclosure within a trusted session, which can compromise user security.

agent/type
agent/references
agent/severity
agent/author
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/ibm
canonical/ibm engineering lifecycle manager
version/ibm engineering lifecycle manager/4.0.3
version/ibm engineering lifecycle manager/4.0.4
version/ibm engineering lifecycle manager/4.0.5
version/ibm engineering lifecycle manager/4.0.6
version/ibm engineering lifecycle manager/4.0.7
version/ibm engineering lifecycle manager/5.0.0
version/ibm engineering lifecycle manager/5.0.1
version/ibm engineering lifecycle manager/5.0.2
version/ibm engineering lifecycle manager/6.0.0
version/ibm engineering lifecycle manager/6.0.1
version/ibm engineering lifecycle manager/6.0.2
version/ibm engineering lifecycle manager/6.0.3
version/ibm engineering lifecycle manager/6.0.4