CVE-2016-2986

MEDIUM

IBM Rational Engineering Lifecycle Manager - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x before 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Scores

CVSS v3 5.4
EPSS 0.0017
EPSS Percentile 37.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE CWE-79
Status published

Affected Products (16)

ibm/rational_engineering_lifecycle_manager
ibm/rational_engineering_lifecycle_manager
ibm/rational_engineering_lifecycle_manager
ibm/rational_team_concert
ibm/rational_team_concert
ibm/rational_team_concert
ibm/rational_quality_manager
ibm/rational_quality_manager
ibm/rational_quality_manager
ibm/rational_doors_next_generation
ibm/rational_doors_next_generation
ibm/rational_doors_next_generation
ibm/rational_rhapsody_design_manager
ibm/rational_rhapsody_design_manager
ibm/rational_rhapsody_design_manager
... and 1 more

Timeline

Published Nov 25, 2016
Tracked Since Feb 18, 2026