Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIbmCVE-2016-6037
HistoryMay 10, 2017 - 2:29 p.m.

CVE-2016-6037

2017-05-1014:29:00
CWE-79
ibm
web.nvd.nist.gov
26
ibm
rtc
html
injection
security
vulnerability
cve-2016-6037
nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

25.7%

JSON

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 116918.

Affected configurations

Nvd
Vulners
Node
ibmrational_team_concertMatch4.0.0
OR
ibmrational_team_concertMatch4.0.1
OR
ibmrational_team_concertMatch4.0.2
OR
ibmrational_team_concertMatch4.0.3
OR
ibmrational_team_concertMatch4.0.4
OR
ibmrational_team_concertMatch4.0.5
OR
ibmrational_team_concertMatch4.0.6
OR
ibmrational_team_concertMatch4.0.7
OR
ibmrational_team_concertMatch5.0.0
OR
ibmrational_team_concertMatch5.0.1
OR
ibmrational_team_concertMatch5.0.2
OR
ibmrational_team_concertMatch6.0.0
OR
ibmrational_team_concertMatch6.0.1
OR
ibmrational_team_concertMatch6.0.2
OR
ibmrational_team_concertMatch6.0.3
Node
ibmrational_quality_managerMatch4.0.0
OR
ibmrational_quality_managerMatch4.0.1
OR
ibmrational_quality_managerMatch4.0.2
OR
ibmrational_quality_managerMatch4.0.3
OR
ibmrational_quality_managerMatch4.0.4
OR
ibmrational_quality_managerMatch4.0.5
OR
ibmrational_quality_managerMatch4.0.6
OR
ibmrational_quality_managerMatch4.0.7
OR
ibmrational_quality_managerMatch5.0.0
OR
ibmrational_quality_managerMatch5.0.1
OR
ibmrational_quality_managerMatch5.0.2
OR
ibmrational_quality_managerMatch6.0.0
OR
ibmrational_quality_managerMatch6.0.1
OR
ibmrational_quality_managerMatch6.0.2
VendorProductVersionCPE
ibmrational_team_concert4.0.0cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*
ibmrational_team_concert4.0.1cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*
ibmrational_team_concert4.0.2cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*
ibmrational_team_concert4.0.3cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*
ibmrational_team_concert4.0.4cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*
ibmrational_team_concert4.0.5cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*
ibmrational_team_concert4.0.6cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*
ibmrational_team_concert4.0.7cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*
ibmrational_team_concert5.0.0cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*
ibmrational_team_concert5.0.1cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 291

CNA Affected

[
  {
    "product": "Rational Collaborative Lifecycle Management",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.7, 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3"
      }
    ]
  }
]

Related

nvd 1
cvelist 1
prion 1
ibm 1
nvd
nvd
CVE-2016-6037
2017-05-10 14:29:00
cvelist
cvelist
CVE-2016-6037
2017-05-10 14:00:00
prion
prion
Design/Logic Flaw
2017-05-10 14:29:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect IBM® Rational® Quality Manager and IBM® Rational® Team Concert with potential for security attacks
2021-04-28 18:35:50

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

25.7%

JSON
Related for CVE-2016-6037
nvd1cvelist1prion1ibm1