Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM28A09B3998AC5F0A25A228994A66DFF5944F62DE8627931F22B8D99CB8EEA181
HistoryFeb 05, 2020 - 12:09 a.m.

Security Bulletin: Cross-Site Scripting Vulnerability with the UML Vizualization tools

2020-02-0500:09:48
www.ibm.com
11

EPSS

0.001

Percentile

46.7%

JSON

Summary

A cross-site scripting vulnerability with the UML Vizualization tools was addressed by IBM Rational Application Developer for WebSphere Software.

Vulnerability Details

CVEID: CVE-2015-7439 **
DESCRIPTION:** IBM InfoSphere Data Architect is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107990 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Rational Application Developer for WebSphere Software 9.5 and earlier

Remediation/Fixes

Update UML Vizualization tools in the product to address this vulnerability:

Product VRMF APAR Remediation/First Fix
Rational Application Developer 8.5 through 9.5 PI53841

Related

prion 1
ibm 3
cvelist 1
nvd 1
cve 1
prion
prion
Cross site scripting
2016-01-27 05:59:00
ibm
ibm
Security Bulletin: A security vulnerability has been identified in InfoSphere Data Architect (IDA) that allows remote attackers to inject arbitrary web script or HTML via a crafted URL. (CVE-2015-7439)
2018-06-16 13:38:20
Security Bulletin: A security vulnerability has been identified in IBM Rational Application Developer shipped with IBM Business Modeler (CVE-2015-7439)
2018-06-15 07:05:39
Security Bulletin: Vulnerability in IBM InfoSphere Data Architect Cross-Site Scripting affects Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect RealTime (CVE-2015-7439)
2020-09-10 15:49:00
cvelist
cvelist
CVE-2015-7439
2016-01-27 02:00:00
nvd
nvd
CVE-2015-7439
2016-01-27 05:59:00
cve
cve
CVE-2015-7439
2016-01-27 05:59:00

EPSS

0.001

Percentile

46.7%

JSON
Related for 28A09B3998AC5F0A25A228994A66DFF5944F62DE8627931F22B8D99CB8EEA181
prion1ibm3cvelist1nvd1cve1