Описание
Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108501.
Ссылки
- PatchVendor Advisory
- VDB Entry
- PatchVendor Advisory
- VDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 3.0 (включая) до 3.0.1.6 (включая)Версия от 4.0.3 (включая) до 4.0.7 (включая)Версия от 5.0 (включая) до 5.0.2 (включая)Версия от 6.0 (включая) до 6.0.1 (включая)
Одно из
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00148
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 3 лет назад
Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108501.
EPSS
Процентиль: 36%
0.00148
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79