Vulnerability Description
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Rational Team Concert | 3.0.1.6 |
| Ibm | Rational Rhapsody Design Manager | 4.0 |
| Ibm | Rational Engineering Lifecycle Manager | 4.0.0 |
| Ibm | Rational Quality Manager | 3.0.1.6 |
| Ibm | Rational Collaborative Lifecycle Management | 3.0.1.6 |
| Ibm | Rational Software Architect Design Manager | 4.0.0 |
| Ibm | Rational Doors Next Generation | 4.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21993444PatchVendor Advisory
- http://www.securityfocus.com/bid/94146
- http://www.securitytracker.com/id/1037276
- http://www.securitytracker.com/id/1037277
- http://www.securitytracker.com/id/1037278
- http://www.securitytracker.com/id/1037279
- http://www-01.ibm.com/support/docview.wss?uid=swg21993444PatchVendor Advisory
- http://www.securityfocus.com/bid/94146
- http://www.securitytracker.com/id/1037276
- http://www.securitytracker.com/id/1037277
- http://www.securitytracker.com/id/1037278
- http://www.securitytracker.com/id/1037279
FAQ
What is CVE-2016-2926?
CVE-2016-2926 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 b...
How severe is CVE-2016-2926?
CVE-2016-2926 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2926?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Team Concert, Ibm Rational Rhapsody Design Manager, Ibm Rational Engineering Lifecycle Manager, Ibm Rational Quality Manager, Ibm Rational Collaborative Lifecycle Management.