312
VMScore

CVE-2016-2986

Published: 25/11/2016 Updated: 28/11/2016
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x prior to 6.0.1 iFix6, Rational Quality Manager 6.x prior to 6.0.1 iFix6, Rational Team Concert 6.x prior to 6.0.1 iFix6, Rational DOORS Next Generation 6.x prior to 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x prior to 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x prior to 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected Products

Vendor Product Versions
IbmRational Doors Next Generation6.0.0, 6.0.1, 6.0.2
IbmRational Engineering Lifecycle Manager6.0.0, 6.0.1, 6.0.2
IbmRational Quality Manager6.0.0, 6.0.1, 6.0.2
IbmRational Rhapsody Design Manager6.0.0, 6.0.1, 6.0.2
IbmRational Team Concert6.0.0, 6.0.1, 6.0.2