CVE-2019-4748: XSS
First published: Mon Jul 13 2020(Updated: )
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Collaborative Lifecycle Management | =6.0.2 | |
| Ibm Collaborative Lifecycle Management | =6.0.6 | |
| Ibm Collaborative Lifecycle Management | =6.0.6.1 | |
| IBM DOORS Next | =7.0 | |
| Ibm Engineering Lifecycle Manager | =7.0 | |
| IBM Engineering Test Management | =7.0 | |
| IBM Engineering Workflow Management | =7.0 | |
| IBM Rational DOORS Next Generation | =6.0.2 | |
| IBM Rational DOORS Next Generation | =6.0.6 | |
| IBM Rational DOORS Next Generation | =6.0.6.1 | |
| IBM Rational Quality Manager | =6.0.2 | |
| IBM Rational Quality Manager | =6.0.6 | |
| IBM Rational Quality Manager | =6.0.6.1 | |
| IBM Rational Team Concert | =6.0.2 | |
| IBM Rational Team Concert | =6.0.6 | |
| IBM Rational Team Concert | =6.0.6.1 | |
| Ibm Reference Data Management | =7.0 | |
| Ibm Rhapsody Design Manager | =6.0.2 | |
| Ibm Rhapsody Design Manager | =6.0.6 | |
| Ibm Rhapsody Design Manager | =6.0.6.1 | |
| IBM ETM | <=7.0 | |
| IBM RQM | <=6.0.6.1 | |
| IBM RQM | <=6.0.6 | |
| IBM RQM | <=6.0.2 | |
| IBM DOORS Next | <=7.0 | |
| IBM RDNG | <=6.0.2 | |
| IBM RDNG | <=6.0.6.1 | |
| IBM RDNG | <=6.0.6 | |
| IBM EWM | <=7.0 | |
| IBM RTC | <=6.0.2 | |
| IBM RTC | <=6.0.6.1 | |
| IBM RTC | <=6.0.6 | |
| IBM ELM | <=7.0 | |
| IBM CLM | <=6.0.6.1 | |
| IBM CLM | <=6.0.6 | |
| IBM CLM | <=6.0.2 | |
| IBM RDM | <=7.0 | |
| IBM Rhapsody DM | <=6.0.6 | |
| IBM Rhapsody DM | <=6.0.6.1 | |
| IBM Rhapsody DM | <=6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-4748?
CVE-2019-4748 is a vulnerability in IBM Jazz Team Server-based Applications that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
How severe is CVE-2019-4748?
CVE-2019-4748 has a severity value of 5.4, which is considered medium.
Which IBM products are affected by CVE-2019-4748?
IBM ETM 7.0, IBM RQM 6.0.6.1, IBM RQM 6.0.6, IBM RQM 6.0.2, IBM DOORS Next 7.0, IBM RDNG 6.0.2, IBM RDNG 6.0.6.1, IBM RDNG 6.0.6, IBM EWM 7.0, IBM RTC 6.0.2, IBM RTC 6.0.6.1, IBM RTC 6.0.6, IBM ELM 7.0, IBM CLM 6.0.6.1, IBM CLM 6.0.6, IBM CLM 6.0.2, IBM RDM 7.0, IBM Rhapsody DM 6.0.6, and IBM Rhapsody DM 6.0.6.1 are affected by CVE-2019-4748.
How can I fix CVE-2019-4748 vulnerability?
To fix the CVE-2019-4748 vulnerability, IBM recommends applying the necessary patches and fixes provided by IBM.
Where can I find more information about CVE-2019-4748 vulnerability?
More information about the CVE-2019-4748 vulnerability can be found on the IBM X-Force ID: 173174 page and the IBM support website.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm collaborative lifecycle management
- version/ibm collaborative lifecycle management/6.0.2
- version/ibm collaborative lifecycle management/6.0.6
- version/ibm collaborative lifecycle management/6.0.6.1
- canonical/ibm doors next
- version/ibm doors next/7.0
- canonical/ibm engineering lifecycle manager
- version/ibm engineering lifecycle manager/7.0
- canonical/ibm engineering test management
- version/ibm engineering test management/7.0
- canonical/ibm engineering workflow management
- version/ibm engineering workflow management/7.0
- canonical/ibm rational doors next generation
- version/ibm rational doors next generation/6.0.2
- version/ibm rational doors next generation/6.0.6
- version/ibm rational doors next generation/6.0.6.1
- canonical/ibm rational quality manager
- version/ibm rational quality manager/6.0.2
- version/ibm rational quality manager/6.0.6
- version/ibm rational quality manager/6.0.6.1
- canonical/ibm rational team concert
- version/ibm rational team concert/6.0.2
- version/ibm rational team concert/6.0.6
- version/ibm rational team concert/6.0.6.1
- canonical/ibm reference data management
- version/ibm reference data management/7.0
- canonical/ibm rhapsody design manager
- version/ibm rhapsody design manager/6.0.2
- version/ibm rhapsody design manager/6.0.6
- version/ibm rhapsody design manager/6.0.6.1
- canonical/ibm etm
- version/ibm etm/7.0
- canonical/ibm rqm
- version/ibm rqm/6.0.6.1
- version/ibm rqm/6.0.6
- version/ibm rqm/6.0.2
- canonical/ibm rdng
- version/ibm rdng/6.0.2
- version/ibm rdng/6.0.6.1
- version/ibm rdng/6.0.6
- canonical/ibm ewm
- version/ibm ewm/7.0
- canonical/ibm rtc
- version/ibm rtc/6.0.2
- version/ibm rtc/6.0.6.1
- version/ibm rtc/6.0.6
- canonical/ibm elm
- version/ibm elm/7.0
- canonical/ibm clm
- version/ibm clm/6.0.6.1
- version/ibm clm/6.0.6
- version/ibm clm/6.0.2
- canonical/ibm rdm
- version/ibm rdm/7.0
- canonical/ibm rhapsody dm
- version/ibm rhapsody dm/6.0.6
- version/ibm rhapsody dm/6.0.6.1
- version/ibm rhapsody dm/6.0.2