CVE-2017-1790: XSS
First published: Tue Apr 10 2018(Updated: )
IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137035.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Requirements Composer | =5.0 | |
| IBM Rational Requirements Composer | =5.0.1 | |
| IBM Rational Requirements Composer | =5.0.2 | |
| IBM Rational DOORS Next Generation | =6.0.0 | |
| IBM Rational DOORS Next Generation | =6.0.1 | |
| IBM Rational DOORS Next Generation | =6.0.2 | |
| IBM Rational DOORS Next Generation | =6.0.3 | |
| IBM Rational DOORS Next Generation | =6.0.4 | |
| IBM Rational DOORS Next Generation | =6.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-1790?
CVE-2017-1790 is a vulnerability in IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted environment.
How severe is CVE-2017-1790?
CVE-2017-1790 has a severity rating of 5.4 (medium).
Which software versions are affected by CVE-2017-1790?
The affected software versions are IBM Rational Requirements Composer 5.0, 5.0.1, and 5.0.2, as well as IBM Rational DOORS Next Generation 6.0 through 6.0.5.
What is the Common Weakness Enumeration (CWE) associated with CVE-2017-1790?
The CWE associated with CVE-2017-1790 is CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).
How can I fix the vulnerability in IBM DOORS Next Generation?
To fix the vulnerability, it is recommended to upgrade to a non-vulnerable version of IBM DOORS Next Generation.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/weakness
- agent/tags
- agent/event
- vendor/ibm
- canonical/ibm rational requirements composer
- version/ibm rational requirements composer/5.0
- version/ibm rational requirements composer/5.0.1
- version/ibm rational requirements composer/5.0.2
- canonical/ibm rational doors next generation
- version/ibm rational doors next generation/6.0.0
- version/ibm rational doors next generation/6.0.1
- version/ibm rational doors next generation/6.0.2
- version/ibm rational doors next generation/6.0.3
- version/ibm rational doors next generation/6.0.4
- version/ibm rational doors next generation/6.0.5