Rational Engineering Lifecycle Manager is vulnerable to multiple cross-site scripting attacks with potential for credentials disclosure within a trusted session.
CVE(s): CVE-2017-1324, CVE-2017-1334, CVE-2017-1335, CVE-2017-1359, CVE-2017-1364, CVE-2017-1369, CVE-2017-1429
Affected product(s) and affected version(s):
Rational Engineering Lifecycle Manager 4.0.3 – 4.0.7
Rational Engineering Lifecycle Manager 5.0 – 5.0.2
Rational Engineering Lifecycle Manager 6.0 – 6.0.4
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2wXkQtd
X-Force Database: http://ift.tt/2fvmeIy
X-Force Database: http://ift.tt/2wYWjE2
X-Force Database: http://ift.tt/2fsafes
X-Force Database: http://ift.tt/2wWLH8S
X-Force Database: http://ift.tt/2fvmfMC
X-Force Database: http://ift.tt/2wYx1WI
X-Force Database: http://ift.tt/2fsahTC
The post IBM Security Bulletin: Cross-site Scripting vulnerabilities affect Rational Engineering Lifecycle Manager appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2wXzD7c
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.