Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIbmCVE-2015-7471
HistoryMar 15, 2018 - 10:29 p.m.

CVE-2015-7471

2018-03-1522:29:00
CWE-79
ibm
web.nvd.nist.gov
27
cve-2015-7471
ibm
rational
collaborative lifecycle management
xss
vulnerability
rqm
rtc
rrc
rdng
relm
rhapsody dm
rsa dm
injection
security

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

25.5%

JSON

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429.

Affected configurations

Nvd
Node
ibmrational_collaborative_lifecycle_managementRange3.0.16.0.1
Node
ibmrational_quality_managerRange3.03.0.1.6
OR
ibmrational_quality_managerRange4.04.0.7
OR
ibmrational_quality_managerMatch5.0
OR
ibmrational_quality_managerMatch5.0.1
OR
ibmrational_quality_managerMatch5.0.2
OR
ibmrational_quality_managerMatch6.0
OR
ibmrational_quality_managerMatch6.0.1
Node
ibmrational_team_concertRange3.03.0.6
OR
ibmrational_team_concertRange4.04.0.7
OR
ibmrational_team_concertMatch5.0
OR
ibmrational_team_concertMatch5.0.1
OR
ibmrational_team_concertMatch5.0.2
OR
ibmrational_team_concertMatch6.0
OR
ibmrational_team_concertMatch6.0.1
Node
ibmrational_requirements_composerRange3.03.0.1.6
OR
ibmrational_requirements_composerRange4.04.0.7
Node
ibmrational_doors_next_generationRange4.04.0.7
OR
ibmrational_doors_next_generationMatch5.0
OR
ibmrational_doors_next_generationMatch5.0.1
OR
ibmrational_doors_next_generationMatch5.0.2
OR
ibmrational_doors_next_generationMatch6.0.0
OR
ibmrational_doors_next_generationMatch6.0.1
Node
ibmrational_engineering_lifecycle_managerRange4.0.34.0.7
OR
ibmrational_engineering_lifecycle_managerMatch5.0
OR
ibmrational_engineering_lifecycle_managerMatch5.0.1
OR
ibmrational_engineering_lifecycle_managerMatch5.0.2
OR
ibmrational_engineering_lifecycle_managerMatch6.0
OR
ibmrational_engineering_lifecycle_managerMatch6.0.1
Node
ibmrational_rhapsody_design_managerRange4.04.0.7
OR
ibmrational_rhapsody_design_managerMatch5.0
OR
ibmrational_rhapsody_design_managerMatch5.0.1
OR
ibmrational_rhapsody_design_managerMatch5.0.2
OR
ibmrational_rhapsody_design_managerMatch6.0
OR
ibmrational_rhapsody_design_managerMatch6.0.1
Node
ibmrational_software_architect_design_managerRange4.04.0.7
OR
ibmrational_software_architect_design_managerMatch5.0
OR
ibmrational_software_architect_design_managerMatch5.0.1
OR
ibmrational_software_architect_design_managerMatch5.0.2
OR
ibmrational_software_architect_design_managerMatch6.0
OR
ibmrational_software_architect_design_managerMatch6.0.1
VendorProductVersionCPE
ibmrational_collaborative_lifecycle_management*cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*
ibmrational_quality_manager*cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*
ibmrational_quality_manager5.0cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*
ibmrational_quality_manager5.0.1cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*
ibmrational_quality_manager5.0.2cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*
ibmrational_quality_manager6.0cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*
ibmrational_quality_manager6.0.1cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*
ibmrational_team_concert*cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*
ibmrational_team_concert5.0cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*
ibmrational_team_concert5.0.1cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 381

Related

cvelist 1
prion 1
nvd 1
ibm 2
cvelist
cvelist
CVE-2015-7471
2018-03-15 22:00:00
prion
prion
Cross site scripting
2018-03-15 22:29:00
nvd
nvd
CVE-2015-7471
2018-03-15 22:29:00
ibm
ibm
Security Bulletin: Vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology (CVE-2015-7440, CVE-2015-7453, CVE-2015-7471)
2021-04-28 18:35:50
Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2015-7440, CVE-2015-7453)
2018-06-17 05:10:13

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

25.5%

JSON
Related for CVE-2015-7471
cvelist1prion1nvd1ibm2