Thursday, September 28, 2017

IBM Security Bulletin: Cross-site Scripting vulnerabilities affect Rational Engineering Lifecycle Manager

Rational Engineering Lifecycle Manager is vulnerable to multiple cross-site scripting attacks with potential for credentials disclosure within a trusted session.

CVE(s): CVE-2017-1324, CVE-2017-1334, CVE-2017-1335, CVE-2017-1359, CVE-2017-1364, CVE-2017-1369, CVE-2017-1429

Affected product(s) and affected version(s):

Rational Engineering Lifecycle Manager 4.0.3 – 4.0.7
Rational Engineering Lifecycle Manager 5.0 – 5.0.2
Rational Engineering Lifecycle Manager 6.0 – 6.0.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2wXkQtd
X-Force Database: http://ift.tt/2fvmeIy
X-Force Database: http://ift.tt/2wYWjE2
X-Force Database: http://ift.tt/2fsafes
X-Force Database: http://ift.tt/2wWLH8S
X-Force Database: http://ift.tt/2fvmfMC
X-Force Database: http://ift.tt/2wYx1WI
X-Force Database: http://ift.tt/2fsahTC

The post IBM Security Bulletin: Cross-site Scripting vulnerabilities affect Rational Engineering Lifecycle Manager appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2wXzD7c

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.