VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 8, 2011· Updated Apr 29, 2026

CVE-2011-4708

CVE-2011-4708

Description

Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability

IBM Rational Asset Manager before version 7.5.1 contains a reflected cross-site scripting (XSS) vulnerability in an unspecified component. The vulnerability allows injection of arbitrary web script or HTML via unspecified vectors. [1]

Exploitation

An attacker can exploit this vulnerability by crafting a malicious URL that, when visited by a victim, injects arbitrary script into the response. No authentication is required, but user interaction is needed. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary web script or HTML in the context of the victim's browser, potentially leading to session hijacking, credential theft, or defacement. [1]

Mitigation

The vulnerability is fixed in IBM Rational Asset Manager version 7.5.1. Users should upgrade to this version or later. No workarounds are documented. [1]

References
  1. PM38467: DFT Reflected XSS security vulnerability found in RAM server

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

13
  • IBM/Rational Asset Manager13 versions
    cpe:2.3:a:ibm:rational_asset_manager:*:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:ibm:rational_asset_manager:*:*:*:*:*:*:*:*range: <=7.5.0.2
    • cpe:2.3:a:ibm:rational_asset_manager:7.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_asset_manager:7.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_asset_manager:7.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_asset_manager:7.1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_asset_manager:7.1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_asset_manager:7.1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_asset_manager:7.1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_asset_manager:7.2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_asset_manager:7.2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_asset_manager:7.5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_asset_manager:7.5.0.1:*:*:*:*:*:*:*
    • (no CPE)range: <7.5.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.