IBM Jazz Foundation CVE-2017-1164 Cross Site Scripting Vulnerability

IBM Jazz Foundation is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits will result in the execution of arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Information

Bugtraq ID: 101586
Class: Input Validation Error
CVE: CVE-2017-1164

Remote: Yes
Local: No
Published: Oct 25 2017 12:00AM
Updated: Oct 25 2017 12:00AM
Credit: IBM
Vulnerable: IBM Rational Team Concert 6.0.4
IBM Rational Team Concert 6.0.3
IBM Rational Team Concert 6.0.2
IBM Rational Team Concert 5.0.1
IBM Rational Team Concert 4.0.5
IBM Rational Team Concert 4.0.4
IBM Rational Team Concert 4.0.3
IBM Rational Team Concert 4.0.2
IBM Rational Team Concert 4.0.1
IBM Rational Team Concert 6.0
IBM Rational Team Concert 5.0.2
IBM Rational Team Concert 5.0
IBM Rational Team Concert 4.0.7
IBM Rational Team Concert 4.0.6
IBM Rational Team Concert 4.0.0.2
IBM Rational Team Concert 4.0.0.1
IBM Rational Team Concert 4.0
IBM Rational Software Architect Design Manager 6.0.4
IBM Rational Software Architect Design Manager 6.0.3
IBM Rational Software Architect Design Manager 6.0.2
IBM Rational Software Architect Design Manager 6.0.1
IBM Rational Software Architect Design Manager 5.0.2
IBM Rational Software Architect Design Manager 5.0.1
IBM Rational Software Architect Design Manager 4.0.7
IBM Rational Software Architect Design Manager 4.0.3
IBM Rational Software Architect Design Manager 4.0.2
IBM Rational Software Architect Design Manager 4.0.1
IBM Rational Software Architect Design Manager 6.0
IBM Rational Software Architect Design Manager 5.0
IBM Rational Software Architect Design Manager 4.0.6
IBM Rational Software Architect Design Manager 4.0.5
IBM Rational Software Architect Design Manager 4.0.4
IBM Rational Software Architect Design Manager 4.0.0
IBM Rational Software Architect Design Manager 4.0
IBM Rational Quality Manage 6.0.4
IBM Rational Engineering Lifecycle Manager 6.0.3
IBM Rational Engineering Lifecycle Manager 6.0.2
IBM Rational Engineering Lifecycle Manager 6.0.1
IBM Rational Engineering Lifecycle Manager 5.0.2
IBM Rational Engineering Lifecycle Manager 5.0.1
IBM Rational Engineering Lifecycle Manager 4.0.5
IBM Rational Engineering Lifecycle Manager 4.0.4
IBM Rational Engineering Lifecycle Manager 4.0.3
IBM Rational Engineering Lifecycle Manager 6.0
IBM Rational Engineering Lifecycle Manager 5.0
IBM Rational Engineering Lifecycle Manager 4.0.7
IBM Rational Engineering Lifecycle Manager 4.0.6
IBM Rational DOORS Next Generation 6.0.4
IBM Rational DOORS Next Generation 6.0.3
IBM Rational DOORS Next Generation 6.0.2
IBM Rational DOORS Next Generation 6.0.1
IBM Rational DOORS Next Generation 5.0.2
IBM Rational DOORS Next Generation 5.0.1
IBM Rational DOORS Next Generation 4.0.7
IBM Rational DOORS Next Generation 4.0.5
IBM Rational DOORS Next Generation 4.0.4
IBM Rational DOORS Next Generation 4.0.3
IBM Rational DOORS Next Generation 4.0.2
IBM Rational DOORS Next Generation 4.0.1
IBM Rational DOORS Next Generation 6.0
IBM Rational DOORS Next Generation 5.0
IBM Rational DOORS Next Generation 4.0.6
IBM Rational DOORS Next Generation 4.0.0
IBM Rational DOORS Next Generation 4.0
IBM Rational Collaborative Lifecycle Management 6.0.4
IBM Rational Collaborative Lifecycle Management 6.0.3
IBM Rational Collaborative Lifecycle Management 6.0.2
IBM Rational Collaborative Lifecycle Management 6.0.1
IBM Rational Collaborative Lifecycle Management 5.0.2
IBM Rational Collaborative Lifecycle Management 5.0.1
IBM Rational Collaborative Lifecycle Management 4.0.7
IBM Rational Collaborative Lifecycle Management 6.0
IBM Rational Collaborative Lifecycle Management 5.0.0
IBM Rational Collaborative Lifecycle Management 4.0.6
IBM Rational Collaborative Lifecycle Management 4.0.5
IBM Rational Collaborative Lifecycle Management 4.0.4
IBM Rational Collaborative Lifecycle Management 4.0.3
IBM Rational Collaborative Lifecycle Management 4.0.2
IBM Rational Collaborative Lifecycle Management 4.0.1
IBM Rational Collaborative Lifecycle Management 4.0.0
IBM Rational Collaborative Lifecycle Management 4.0

Not Vulnerable:

Exploit

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

References:

• IBM Homepage (IBM)
  
• swg22004534:Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational (IBM)
  

Source: www.securityfocus.com