IBM Rational Team Concert up to 5.x/6.0.6 Web UI cross site scripting

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as problematic was found in IBM Rational Team Concert up to 5.x/6.0.6. This vulnerability affects some unknown processing of the component Web UI. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field03/15/2019 09:07 AM05/16/2020 09:07 PM
vendorIBMIBM
nameRational Team ConcertRational Team Concert
version<=5.x/6.0.6<=5.x/6.0.6
componentWeb UIWeb UI
cwe79 (cross site scripting)79 (cross site scripting)
risk11
cvss2_vuldb_basescore3.53.5
cvss2_vuldb_tempscore3.53.5
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss2_nvd_avNN
cvss2_nvd_acMM
cvss2_nvd_auSS
cvss2_nvd_ciNN
cvss2_nvd_iiPP
cvss2_nvd_aiNN
cvss3_meta_basescore4.74.7
cvss3_meta_tempscore4.74.7
cvss3_vuldb_basescore4.14.1
cvss3_vuldb_tempscore4.14.1
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiRR
cvss3_vuldb_sCC
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiRR
cvss3_nvd_sCC
cvss3_nvd_cLL
cvss3_nvd_iLL
cvss3_nvd_aNN
date1552521600 (03/14/2019)1552521600 (03/14/2019)
urlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/154136https://exchange.xforce.ibmcloud.com/vulnerabilities/154136
confirm_urlhttp://www.ibm.com/support/docview.wss?uid=ibm10875364http://www.ibm.com/support/docview.wss?uid=ibm10875364
price_0day$5k-$25k$5k-$25k
price_trend++
cveCVE-2018-1983CVE-2018-1983
cve_assigned15131232001513123200
cve_nvd_summaryIBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136.IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136.
seealso131771 131787 131789131771 131787 131789
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
0day_days66
cvss3_nvd_basescore5.45.4
discoverydate1552003200

Might our Artificial Intelligence support you?

Check our Alexa App!