Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-6037

Опубликовано: 10 мая 2017
Источник: nvd
CVSS3: 4.8
CVSS2: 3.5
EPSS Низкий

Описание

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_team_concert:6.0.3:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 36%
0.00152
Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-mmwp-mp76-6x74

CVSS3: 4.8
github
больше 3 лет назад

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918.

EPSS

Процентиль: 36%
0.00152
Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79