IBM Rational DOORS Next Generation Multiple Cross Site Scripting Vulnerabilities



IBM Rational DOORS Next Generation is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Information

Bugtraq ID: 101895
Class: Input Validation Error
CVE: CVE-2017-1593
CVE-2017-1546
CVE-2017-1560
CVE-2017-1678
CVE-2017-1461

Remote: Yes
Local: No
Published: Nov 16 2017 12:00AM
Updated: Nov 20 2017 03:08PM
Credit: IBM
Vulnerable: IBM Rational Requirements Composer 5.0.2
IBM Rational Requirements Composer 5.0.1
IBM Rational Requirements Composer 4.0.7
IBM Rational Requirements Composer 4.0.5
IBM Rational Requirements Composer 4.0.4
IBM Rational Requirements Composer 4.0.3
IBM Rational Requirements Composer 4.0.1
IBM Rational Requirements Composer 5.0
IBM Rational Requirements Composer 4.0.6
IBM Rational Requirements Composer 4.0
IBM Rational DOORS Next Generation 6.0.4
IBM Rational DOORS Next Generation 6.0.3
IBM Rational DOORS Next Generation 6.0.2
IBM Rational DOORS Next Generation 6.0.1
IBM Rational DOORS Next Generation 6.0


Not Vulnerable: IBM Rational Requirements Composer 5.0.2 iFix024
IBM Rational Requirements Composer 4.0.7 iFix015
IBM Rational DOORS Next Generation 6.0.2 iFix014


Exploit


An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

