IBM Rational DOORS Web Access CVE-2017-1540 Cross Site Scripting Vulnerability



IBM Rational DOORS Web Access is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Rational DOORS Web Access 9.5.0.0 through 9.5.0.7, 9.5.1.0 through 9.5.1.8, 9.5.2.0 through 9.5.2.7, 9.6.0.0 through 9.6.0.6, and 9.6.1.0 through 9.6.1.9 are vulnerable.

Information

Bugtraq ID: 102890
Class: Input Validation Error
CVE: CVE-2017-1540

Remote: Yes
Local: No
Published: Feb 23 2018 12:00AM
Updated: Feb 23 2018 12:00AM
Credit: IBM
Vulnerable: IBM Rational DOORS Web Access 9.6.1
IBM Rational DOORS Web Access 9.6 1
IBM Rational DOORS Web Access 9.5.2 1
IBM Rational DOORS Web Access 9.5.2
IBM Rational DOORS Web Access 9.5.1 1
IBM Rational DOORS Web Access 9.5.1
IBM Rational DOORS Web Access 9.5 1
IBM Rational DOORS Web Access 9.6.1.9
IBM Rational DOORS Web Access 9.6.1.4
IBM Rational DOORS Web Access 9.6.1.3
IBM Rational DOORS Web Access 9.6.1.1
IBM Rational DOORS Web Access 9.6.0.6
IBM Rational DOORS Web Access 9.6
IBM Rational DOORS Web Access 9.5.2.7
IBM Rational DOORS Web Access 9.5.1.8
IBM Rational DOORS Web Access 9.5.0.7
IBM Rational DOORS Web Access 9.5


Not Vulnerable: IBM Rational DOORS Web Access 9.6.1.10
IBM Rational DOORS Web Access 9.6.0.7
IBM Rational DOORS Web Access 9.5.2.8
IBM Rational DOORS Web Access 9.5.1.9
IBM Rational DOORS Web Access 9.5.0.8


Exploit


To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.


Related Posts

Comments