CVE-2017-1568: XSS
First published: Thu Jun 28 2018(Updated: )
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131778.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Collaborative Lifecycle Management | =5.0 | |
| IBM Rational Collaborative Lifecycle Management | =5.0.1 | |
| IBM Rational Collaborative Lifecycle Management | =5.0.2 | |
| IBM Rational Collaborative Lifecycle Management | =6.0 | |
| IBM Rational Collaborative Lifecycle Management | =6.0.1 | |
| IBM Rational Collaborative Lifecycle Management | =6.0.2 | |
| IBM Rational Collaborative Lifecycle Management | =6.0.3 | |
| IBM Rational Collaborative Lifecycle Management | =6.0.4 | |
| IBM Rational Collaborative Lifecycle Management | =6.0.5 | |
| IBM Rational Quality Manager | =5.0 | |
| IBM Rational Quality Manager | =5.0.1 | |
| IBM Rational Quality Manager | =5.0.2 | |
| IBM Rational Quality Manager | =6.0 | |
| IBM Rational Quality Manager | =6.0.1 | |
| IBM Rational Quality Manager | =6.0.2 | |
| IBM Rational Quality Manager | =6.0.3 | |
| IBM Rational Quality Manager | =6.0.4 | |
| IBM Rational Quality Manager | =6.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-1568?
CVE-2017-1568 is the identifier for a vulnerability in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management that allows for cross-site scripting.
How severe is CVE-2017-1568?
CVE-2017-1568 has a severity rating of 5.4, which is classified as medium severity.
What is the affected software for CVE-2017-1568?
The affected software for CVE-2017-1568 includes IBM Rational Quality Manager versions 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, and IBM Rational Collaborative Lifecycle Management versions 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5.
How can cross-site scripting be exploited in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management?
Cross-site scripting vulnerability in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to alteration of intended functionality.
Where can I find more information about CVE-2017-1568?
You can find more information about CVE-2017-1568 at the following references: [XForce IBM Cloud](https://exchange.xforce.ibmcloud.com/vulnerabilities/131778) and [IBM Security Events & Conferences](https://www-prd-trops.events.ibm.com/node/715749).
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm rational collaborative lifecycle management
- version/ibm rational collaborative lifecycle management/5.0
- version/ibm rational collaborative lifecycle management/5.0.1
- version/ibm rational collaborative lifecycle management/5.0.2
- version/ibm rational collaborative lifecycle management/6.0
- version/ibm rational collaborative lifecycle management/6.0.1
- version/ibm rational collaborative lifecycle management/6.0.2
- version/ibm rational collaborative lifecycle management/6.0.3
- version/ibm rational collaborative lifecycle management/6.0.4
- version/ibm rational collaborative lifecycle management/6.0.5
- canonical/ibm rational quality manager
- version/ibm rational quality manager/5.0
- version/ibm rational quality manager/5.0.1
- version/ibm rational quality manager/5.0.2
- version/ibm rational quality manager/6.0
- version/ibm rational quality manager/6.0.1
- version/ibm rational quality manager/6.0.2
- version/ibm rational quality manager/6.0.3
- version/ibm rational quality manager/6.0.4
- version/ibm rational quality manager/6.0.5