CVE-2016-0273

Published: Nov 24, 2016Modified: May 6, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Affected (101)

Products: Ibm: Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Collaborative Lifecycle Management, Rational Quality Manager, Rational Software Architect Design Manager, Rational Rhapsody Design Manager, Rational Team Concert

Ibm

7 products

Rational Doors Next Generation

Rational Engineering Lifecycle Manager

Rational Collaborative Lifecycle Management

Rational Quality Manager

Rational Software Architect Design Manager

Rational Rhapsody Design Manager

Rational Team Concert

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Doors Next Generation	Version 4.0.0
Ibm Rational Doors Next Generation	Version 4.0.1
Ibm Rational Doors Next Generation	Version 4.0.2
Ibm Rational Doors Next Generation	Version 4.0.3
Ibm Rational Doors Next Generation	Version 4.0.4
Ibm Rational Doors Next Generation	Version 4.0.5
Ibm Rational Doors Next Generation	Version 4.0.6
Ibm Rational Doors Next Generation	Version 4.0.7
Ibm Rational Doors Next Generation	Version 5.0.0
Ibm Rational Doors Next Generation	Version 5.0.1
Ibm Rational Doors Next Generation	Version 5.0.2
Ibm Rational Doors Next Generation	Version 6.0.0
Ibm Rational Doors Next Generation	Version 6.0.1
Ibm Rational Doors Next Generation	Version 6.0.2

Configuration B

14 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Engineering Lifecycle Manager	Version 4.0.0
Ibm Rational Engineering Lifecycle Manager	Version 4.0.1
Ibm Rational Engineering Lifecycle Manager	Version 4.0.2
Ibm Rational Engineering Lifecycle Manager	Version 4.0.3
Ibm Rational Engineering Lifecycle Manager	Version 4.0.4
Ibm Rational Engineering Lifecycle Manager	Version 4.0.5
Ibm Rational Engineering Lifecycle Manager	Version 4.0.6
Ibm Rational Engineering Lifecycle Manager	Version 4.0.7
Ibm Rational Engineering Lifecycle Manager	Version 5.0.0
Ibm Rational Engineering Lifecycle Manager	Version 5.0.1
Ibm Rational Engineering Lifecycle Manager	Version 5.0.2
Ibm Rational Engineering Lifecycle Manager	Version 6.0.0
Ibm Rational Engineering Lifecycle Manager	Version 6.0.1
Ibm Rational Engineering Lifecycle Manager	Version 6.0.2

Configuration C

15 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Collaborative Lifecycle Management	Version 3.0.1.6
Ibm Rational Collaborative Lifecycle Management	Version 4.0.0
Ibm Rational Collaborative Lifecycle Management	Version 4.0.1
Ibm Rational Collaborative Lifecycle Management	Version 4.0.2
Ibm Rational Collaborative Lifecycle Management	Version 4.0.3
Ibm Rational Collaborative Lifecycle Management	Version 4.0.4
Ibm Rational Collaborative Lifecycle Management	Version 4.0.5
Ibm Rational Collaborative Lifecycle Management	Version 4.0.6
Ibm Rational Collaborative Lifecycle Management	Version 4.0.7
Ibm Rational Collaborative Lifecycle Management	Version 5.0.0
Ibm Rational Collaborative Lifecycle Management	Version 5.0.1
Ibm Rational Collaborative Lifecycle Management	Version 5.0.2
Ibm Rational Collaborative Lifecycle Management	Version 6.0.0
Ibm Rational Collaborative Lifecycle Management	Version 6.0.1
Ibm Rational Collaborative Lifecycle Management	Version 6.0.2

Configuration D

15 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Quality Manager	Version 3.0.1.6
Ibm Rational Quality Manager	Version 4.0.0
Ibm Rational Quality Manager	Version 4.0.1
Ibm Rational Quality Manager	Version 4.0.2
Ibm Rational Quality Manager	Version 4.0.3
Ibm Rational Quality Manager	Version 4.0.4
Ibm Rational Quality Manager	Version 4.0.5
Ibm Rational Quality Manager	Version 4.0.6
Ibm Rational Quality Manager	Version 4.0.7
Ibm Rational Quality Manager	Version 5.0.0
Ibm Rational Quality Manager	Version 5.0.1
Ibm Rational Quality Manager	Version 5.0.2
Ibm Rational Quality Manager	Version 6.0.0
Ibm Rational Quality Manager	Version 6.0.1
Ibm Rational Quality Manager	Version 6.0.2

Configuration E

14 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Software Architect Design Manager	Version 4.0.0
Ibm Rational Software Architect Design Manager	Version 4.0.1
Ibm Rational Software Architect Design Manager	Version 4.0.2
Ibm Rational Software Architect Design Manager	Version 4.0.3
Ibm Rational Software Architect Design Manager	Version 4.0.4
Ibm Rational Software Architect Design Manager	Version 4.0.5
Ibm Rational Software Architect Design Manager	Version 4.0.6
Ibm Rational Software Architect Design Manager	Version 4.0.7
Ibm Rational Software Architect Design Manager	Version 5.0.0
Ibm Rational Software Architect Design Manager	Version 5.0.1
Ibm Rational Software Architect Design Manager	Version 5.0.2
Ibm Rational Software Architect Design Manager	Version 6.0.0
Ibm Rational Software Architect Design Manager	Version 6.0.1
Ibm Rational Software Architect Design Manager	Version 6.0.2

Configuration F

14 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Rhapsody Design Manager	Version 4.0.1
Ibm Rational Rhapsody Design Manager	Version 4.0.2
Ibm Rational Rhapsody Design Manager	Version 4.0.3
Ibm Rational Rhapsody Design Manager	Version 4.0.4
Ibm Rational Rhapsody Design Manager	Version 4.0.5
Ibm Rational Rhapsody Design Manager	Version 4.0.6
Ibm Rational Rhapsody Design Manager	Version 4.0.7
Ibm Rational Rhapsody Design Manager	Version 4.0
Ibm Rational Rhapsody Design Manager	Version 5.0.0
Ibm Rational Rhapsody Design Manager	Version 5.0.1
Ibm Rational Rhapsody Design Manager	Version 5.0.2
Ibm Rational Rhapsody Design Manager	Version 6.0.0
Ibm Rational Rhapsody Design Manager	Version 6.0.1
Ibm Rational Rhapsody Design Manager	Version 6.0.2

Configuration G

15 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Team Concert	Version 3.0.1.6
Ibm Rational Team Concert	Version 4.0.0
Ibm Rational Team Concert	Version 4.0.1
Ibm Rational Team Concert	Version 4.0.2
Ibm Rational Team Concert	Version 4.0.3
Ibm Rational Team Concert	Version 4.0.4
Ibm Rational Team Concert	Version 4.0.5
Ibm Rational Team Concert	Version 4.0.6
Ibm Rational Team Concert	Version 4.0.7
Ibm Rational Team Concert	Version 5.0.0
Ibm Rational Team Concert	Version 5.0.1
Ibm Rational Team Concert	Version 5.0.2
Ibm Rational Team Concert	Version 6.0.0
Ibm Rational Team Concert	Version 6.0.1
Ibm Rational Team Concert	Version 6.0.2

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21991478

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/94557

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21991478

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/94557

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.