CVE-2016-3014 — MEDIUM (5.4)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Rational Engineering Lifecycle Manager	4.0.0
Ibm	Rational Rhapsody Design Manager	4.0
Ibm	Rational Quality Manager	4.0.0
Ibm	Rational Software Architect Design Manager	4.0.0
Ibm	Rational Doors Next Generation	4.0.0
Ibm	Rational Team Concert	4.0.0
Ibm	Rational Collaborative Lifecycle Management	4.0.0

Related Weaknesses (CWE)

CWE-79

References

http://www-01.ibm.com/support/docview.wss?uid=swg21992151Vendor Advisory
http://www.securityfocus.com/bid/93515Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037025
http://www.securitytracker.com/id/1037026
http://www.securitytracker.com/id/1037027
http://www.securitytracker.com/id/1037028
http://www-01.ibm.com/support/docview.wss?uid=swg21992151Vendor Advisory
http://www.securityfocus.com/bid/93515Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037025
http://www.securitytracker.com/id/1037026
http://www.securitytracker.com/id/1037027
http://www.securitytracker.com/id/1037028

FAQ

What is CVE-2016-3014?

CVE-2016-3014 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5....

How severe is CVE-2016-3014?

CVE-2016-3014 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-3014?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Rational Engineering Lifecycle Manager, Ibm Rational Rhapsody Design Manager, Ibm Rational Quality Manager, Ibm Rational Software Architect Design Manager, Ibm Rational Doors Next Generation.