This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. It affects the following IBM Jazz Team Server based applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), and Rational Rhapsody Design Manager (Rhapsody DM).
CVEID: CVE-2016-2986
DESCRIPTION: IBM Jazz Team Server and the CLM applications (RTC, RQM, RDNG), RELM, and Rhapsody DM are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114002 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Rational Collaborative Lifecycle Management 6.0.1 - 6.0.2
Rational Quality Manager 6.0.1 - 6.0.2
Rational Team Concert 6.0.1 - 6.0.2
Rational DOORS Next Generation 6.0.1 - 6.0.2
Rational Engineering Lifecycle Manager 6.0.1 - 6.0.2
Rational Rhapsody Design Manager 6.0.1 - 6.0.2
For the 6.0.1 releases, upgrade to version 6.0.1 ifix6 or later.
For the 6.0.2 releases, upgrade to version 6.0.2 ifix3 or later.