What is the severity of CVE-2017-1652?

The severity of CVE-2017-1652 is medium, with a CVSS score of 5.4.

How can cross-site scripting (XSS) affect the affected software versions?

Cross-site scripting (XSS) allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to unauthorized actions.

What can an attacker do with cross-site scripting (XSS) in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management?

An attacker can exploit the cross-site scripting (XSS) vulnerability to inject malicious scripts, steal user session information, or perform other unauthorized actions.

How can I fix CVE-2017-1652 vulnerability in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management?

To fix the CVE-2017-1652 vulnerability, it is recommended to upgrade to a version of IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management that is not affected by the vulnerability.

Vulnerability/
CVE-2017-1652

medium

5.4

CWE

28/6/2018

5/8/2024

CVE-2017-1652: XSS

First published: Thu Jun 28 2018(Updated: )

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Rational Collaborative Lifecycle Management	=5.0
IBM Rational Collaborative Lifecycle Management	=5.0.1
IBM Rational Collaborative Lifecycle Management	=5.0.2
IBM Rational Collaborative Lifecycle Management	=6.0
IBM Rational Collaborative Lifecycle Management	=6.0.1
IBM Rational Collaborative Lifecycle Management	=6.0.2
IBM Rational Collaborative Lifecycle Management	=6.0.3
IBM Rational Collaborative Lifecycle Management	=6.0.4
IBM Rational Collaborative Lifecycle Management	=6.0.5
IBM Rational Quality Manager	=5.0
IBM Rational Quality Manager	=5.0.1
IBM Rational Quality Manager	=5.0.2
IBM Rational Quality Manager	=6.0
IBM Rational Quality Manager	=6.0.1
IBM Rational Quality Manager	=6.0.2
IBM Rational Quality Manager	=6.0.3
IBM Rational Quality Manager	=6.0.4
IBM Rational Quality Manager	=6.0.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1652?
The severity of CVE-2017-1652 is medium, with a CVSS score of 5.4.
What is the vulnerability in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.5?
The vulnerability in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.5 is cross-site scripting (XSS).
How can cross-site scripting (XSS) affect the affected software versions?
Cross-site scripting (XSS) allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to unauthorized actions.
What can an attacker do with cross-site scripting (XSS) in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management?
An attacker can exploit the cross-site scripting (XSS) vulnerability to inject malicious scripts, steal user session information, or perform other unauthorized actions.
How can I fix CVE-2017-1652 vulnerability in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management?
To fix the CVE-2017-1652 vulnerability, it is recommended to upgrade to a version of IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management that is not affected by the vulnerability.

collector/nvd-index
agent/severity
agent/weakness
agent/references
agent/author
agent/description
agent/event
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm rational collaborative lifecycle management
version/ibm rational collaborative lifecycle management/5.0
version/ibm rational collaborative lifecycle management/5.0.1
version/ibm rational collaborative lifecycle management/5.0.2
version/ibm rational collaborative lifecycle management/6.0
version/ibm rational collaborative lifecycle management/6.0.1
version/ibm rational collaborative lifecycle management/6.0.2
version/ibm rational collaborative lifecycle management/6.0.3
version/ibm rational collaborative lifecycle management/6.0.4
version/ibm rational collaborative lifecycle management/6.0.5
canonical/ibm rational quality manager
version/ibm rational quality manager/5.0
version/ibm rational quality manager/5.0.1
version/ibm rational quality manager/5.0.2
version/ibm rational quality manager/6.0
version/ibm rational quality manager/6.0.1
version/ibm rational quality manager/6.0.2
version/ibm rational quality manager/6.0.3
version/ibm rational quality manager/6.0.4
version/ibm rational quality manager/6.0.5

CVE-2017-1652: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1652?

What is the vulnerability in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.5?

How can cross-site scripting (XSS) affect the affected software versions?

What can an attacker do with cross-site scripting (XSS) in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management?

How can I fix CVE-2017-1652 vulnerability in IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management?

Company

Resources

Contact