IBM Rhapsody DM CVE-2016-8975 Cross Site Scripting Vulnerability



IBM Rhapsody DM is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

The following products and versions are vulnerable:

IBM Rational Software Architect Design Manager 4.0.0 through 4.0.7 are vulnerable.
IBM Rational Software Architect Design Manager 5.0.0 through 5.0.2 are vulnerable.
IBM Rational Software Architect Design Manager 6.0.0 through 6.0.2 are vulnerable.

Information

Bugtraq ID: 100124
Class: Input Validation Error
CVE: CVE-2016-8975

Remote: Yes
Local: No
Published: Aug 02 2017 12:00AM
Updated: Aug 25 2017 09:11AM
Credit: IBM.
Vulnerable: IBM Rational Software Architect Design Manager 6.0.2
IBM Rational Software Architect Design Manager 6.0.1
IBM Rational Software Architect Design Manager 5.0.2
IBM Rational Software Architect Design Manager 5.0.1
IBM Rational Software Architect Design Manager 4.0.7
IBM Rational Software Architect Design Manager 4.0.3
IBM Rational Software Architect Design Manager 4.0.2
IBM Rational Software Architect Design Manager 4.0.1
IBM Rational Software Architect Design Manager 6.0
IBM Rational Software Architect Design Manager 5.0
IBM Rational Software Architect Design Manager 4.0.6
IBM Rational Software Architect Design Manager 4.0.5
IBM Rational Software Architect Design Manager 4.0.4
IBM Rational Software Architect Design Manager 4.0.0
IBM Rational Software Architect Design Manager 3.0.0
IBM Rational Rhapsody Design Manager 6.0.3
IBM Rational Rhapsody Design Manager 6.0.2
IBM Rational Rhapsody Design Manager 6.0.1
IBM Rational Rhapsody Design Manager 5.0.2
IBM Rational Rhapsody Design Manager 5.0.1
IBM Rational Rhapsody Design Manager 6.0
IBM Rational Rhapsody Design Manager 5.0
IBM Rational Engineering Lifecycle Manager 6.0.2
IBM Rational Engineering Lifecycle Manager 6.0.1
IBM Rational Engineering Lifecycle Manager 6.0


Not Vulnerable: IBM Rational Rhapsody Design Manager 6.0.4
IBM Rational Engineering Lifecycle Manager 6.0.3


Exploit


An attacker can exploit the issue by enticing an unsuspecting user to visit a specially crafted URL.


Source: www.securityfocus.com
Related Posts