IBM® Rational® Quality Manager could allow an authenticated attacker to inject commands through a specially crafted HTML request that would be executed by the operating system with user privileges.
CVEID: CVE-2016-0326**
DESCRIPTION:** IBM Rational Quality Manager could allow an authenticated attacker to inject commands through a specially crafted HTML request that would be executed by the operating system with user privileges.
CVSS Base Score: 6.3
CVSS Temporal Score: See _https://exchange.xforce.ibmcloud.com/vulnerabilities/111642 _for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Rational Collaborative Lifecycle Management 4.0.0 - 6.0.1
Rational Quality Manager 6.0 - 6.0.1
Rational Quality Manager 5.0 - 5.0.2
Rational Quality Manager 4.0 - 4.0.7
Rational Quality Manager 3.0.1.6
For the 6.0.0 - 6.0.1 releases, upgrade to version 6.0.2 or 6.0.1 ifix3 or later
For the 5.0 - 5.0.2 releases, upgrade to version 5.0.2 iFix17 or later
Rational Quality Manager 5.0.2 iFix17
_
_For the 4.0 - 4.0.7 releases, upgrade to version 4.0.7 iFix11 or later
For the 3.x releases upgrade to version 3.0.1.6 iFix8 or later
None