Lucene search

IbmCVE-2013-5404

HistoryDec 10, 2013 - 7:55 p.m.

CVE-2013-5404

2013-12-1019:55:07

CWE-79

ibm

web.nvd.nist.gov

cve-2013-5404

cross-site scripting

xss vulnerability

ibm rational quality manager

rqm

nvd

security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

27.4%

JSON

Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element.

Affected configurations

Nvd

Node

ibmrational_quality_managerMatch2.0

ibmrational_quality_managerMatch2.0.0.1

ibmrational_quality_managerMatch2.0.0.2

ibmrational_quality_managerMatch2.0.1

ibmrational_quality_managerMatch2.0.1.1

ibmrational_quality_managerMatch3.0

ibmrational_quality_managerMatch3.0.1

ibmrational_quality_managerMatch3.0.1.1

ibmrational_quality_managerMatch3.0.1.2

ibmrational_quality_managerMatch3.0.1.3

ibmrational_quality_managerMatch3.0.1.4

ibmrational_quality_managerMatch3.0.1.5

ibmrational_quality_managerMatch3.0.1.6

ibmrational_quality_managerMatch4.0

ibmrational_quality_managerMatch4.0.0.1

ibmrational_quality_managerMatch4.0.0.2

ibmrational_quality_managerMatch4.0.1

ibmrational_quality_managerMatch4.0.2

ibmrational_quality_managerMatch4.0.3

ibmrational_quality_managerMatch4.0.4

ibmrational_requirements_composerMatch2.0

ibmrational_requirements_composerMatch2.0.0.1

ibmrational_requirements_composerMatch2.0.0.2

ibmrational_requirements_composerMatch2.0.0.3

ibmrational_requirements_composerMatch2.0.0.4

ibmrational_requirements_composerMatch3.0

ibmrational_requirements_composerMatch3.0.1

ibmrational_requirements_composerMatch3.0.1.1

ibmrational_requirements_composerMatch3.0.1.2

ibmrational_requirements_composerMatch3.0.1.3

ibmrational_requirements_composerMatch3.0.1.4

ibmrational_requirements_composerMatch3.0.1.5

ibmrational_requirements_composerMatch3.0.1.6

ibmrational_requirements_composerMatch4.0

ibmrational_requirements_composerMatch4.0.1

ibmrational_requirements_composerMatch4.0.2

ibmrational_requirements_composerMatch4.0.3

ibmrational_requirements_composerMatch4.0.4

ibmrational_team_concertMatch2.0

ibmrational_team_concertMatch2.0.0.1

ibmrational_team_concertMatch2.0.0.2

ibmrational_team_concertMatch3.0

ibmrational_team_concertMatch3.0.1

ibmrational_team_concertMatch3.0.1.2

ibmrational_team_concertMatch3.0.1.3

ibmrational_team_concertMatch3.0.1.4

ibmrational_team_concertMatch3.0.1.5

ibmrational_team_concertMatch3.0.1.6

ibmrational_team_concertMatch4.0

ibmrational_team_concertMatch4.0.1

ibmrational_team_concertMatch4.0.2

ibmrational_team_concertMatch4.0.3

ibmrational_team_concertMatch4.0.4

ibmrational_team_concertMatch4.0.5

VendorProductVersionCPE
ibmrational_quality_manager2.0cpe:2.3:a:ibm:rational_quality_manager:2.0:*:*:*:*:*:*:*
ibmrational_quality_manager2.0.0.1cpe:2.3:a:ibm:rational_quality_manager:2.0.0.1:*:*:*:*:*:*:*
ibmrational_quality_manager2.0.0.2cpe:2.3:a:ibm:rational_quality_manager:2.0.0.2:*:*:*:*:*:*:*
ibmrational_quality_manager2.0.1cpe:2.3:a:ibm:rational_quality_manager:2.0.1:*:*:*:*:*:*:*
ibmrational_quality_manager2.0.1.1cpe:2.3:a:ibm:rational_quality_manager:2.0.1.1:*:*:*:*:*:*:*
ibmrational_quality_manager3.0cpe:2.3:a:ibm:rational_quality_manager:3.0:*:*:*:*:*:*:*
ibmrational_quality_manager3.0.1cpe:2.3:a:ibm:rational_quality_manager:3.0.1:*:*:*:*:*:*:*
ibmrational_quality_manager3.0.1.1cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:*:*:*:*:*:*:*
ibmrational_quality_manager3.0.1.2cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:*:*:*:*:*:*:*
ibmrational_quality_manager3.0.1.3cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_quality_manager	2.0	cpe:2.3:a:ibm:rational_quality_manager:2.0:::::::*
ibm	rational_quality_manager	2.0.0.1	cpe:2.3:a:ibm:rational_quality_manager:2.0.0.1:::::::*
ibm	rational_quality_manager	2.0.0.2	cpe:2.3:a:ibm:rational_quality_manager:2.0.0.2:::::::*
ibm	rational_quality_manager	2.0.1	cpe:2.3:a:ibm:rational_quality_manager:2.0.1:::::::*
ibm	rational_quality_manager	2.0.1.1	cpe:2.3:a:ibm:rational_quality_manager:2.0.1.1:::::::*
ibm	rational_quality_manager	3.0	cpe:2.3:a:ibm:rational_quality_manager:3.0:::::::*
ibm	rational_quality_manager	3.0.1	cpe:2.3:a:ibm:rational_quality_manager:3.0.1:::::::*
ibm	rational_quality_manager	3.0.1.1	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:::::::*
ibm	rational_quality_manager	3.0.1.2	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:::::::*
ibm	rational_quality_manager	3.0.1.3	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:::::::*

Rows per page:

1-10 of 541

References

www-01.ibm.com/support/docview.wss?uid=swg21653689

exchange.xforce.ibmcloud.com/vulnerabilities/87318

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

27.4%

JSON

Related for CVE-2013-5404