IBM® Rational® Quality Manager is vulnerable to multiple cross-site scripting vulnerabilities.
CVEID: CVE-2017-1100**
DESCRIPTION:** IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120661 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2017-1101**
DESCRIPTION:** IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120662 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2017-1102**
DESCRIPTION:** IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120663 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2017-1104**
DESCRIPTION:** IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120666 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Rational Collaborative Lifecycle Management 4.0.0 - 6.0.3
Rational Quality Manager 6.0 - 6.0.3
Rational Quality Manager 5.0 - 5.0.2
Rational Quality Manager 4.0 - 4.0.7
For the 6.0.x releases, upgrade to 6.0.4, 6.03 ifix005 or 6.0.2 ifix011.
Version 6.0.3 iFix005 or later
* Rational Quality Manager 6.0.3 iFix005
Version 6.0.2 iFix011 or later
* Rational Quality Manager 6.0.2 iFix011
For the 5.x releases, upgrade to version 5.0.2 iFix21 or later
Rational Quality Manager 5.0.2 iFix21
_
_For the 4.x releases, upgrade to version 4.0.7 iFix14 or later
For any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
If the iFix is not found in the Fix Portal please contact IBM Support.
None