An undisclosed security vulnerability in IBM Rational Team Concert may result in a cross-site scripting attack.
CVEID: CVE-2015-0123
Description: IBM Rational Team Concert is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100421> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVEID: CVE-2015-0122
Description: IBM Rational Team Concert is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100420> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Rational Team Concert 2.0 - 2.0.0.2
Rational Team Concert 3.0 - 3.0.6
Rational Team Concert 4.0 - 4.0.7
Rational Team Concert 5.0 - 5.0.1
For the 5.x releases, upgrade to version 5.0.2 or later
For the 4.x releases, upgrade to version 4.0.7 iFix3 or later
For the 3.x releases, upgrade to version 3.0.1.6 iFix 5 or later
For the 2.x releases, contact IBM support for additional details on the fix.
None