CVE-2016-6037

2017-05-1014:00:00

ibm

www.cve.org

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

25.7%

JSON

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 116918.

CNA Affected

[
  {
    "product": "Rational Collaborative Lifecycle Management",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.7, 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg22002429