VYPR
Medium severity 6.1 · NVD Advisory · Published Jan 27, 2016 · Updated May 6, 2026

CVE-2015-7439

Description

Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A reflected XSS vulnerability in IBM InfoSphere Data Architect affects Rational Software Architect 8.5–9.5, allowing remote attackers to execute arbitrary web script via a crafted URL.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in IBM InfoSphere Data Architect (IDA) as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5. The flaw stems from improper validation of user-supplied input, enabling a reflected XSS attack when a victim clicks a specially crafted URL [1].

Exploitation

An unauthenticated remote attacker can craft a malicious URL containing arbitrary web script or HTML. The attacker must rely on user interaction, i.e., tricking the victim into clicking the crafted link. No prior authentication or special network position is required; the attack vector is over the network [1].

Impact

Successful exploitation results in script execution within the victim's browser in the security context of the hosting web site. This can lead to theft of cookie-based authentication credentials, and potentially other client-side attacks, amounting to a low impact on confidentiality and integrity (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) [1].

Mitigation

IBM has released an update to remediate this vulnerability, available via Fix Central. Users should download and apply the appropriate update for their product version (e.g., 855, 9.5). The update is distributed as compressed files, and installation instructions are provided in the security bulletin [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

46
    • cpe:2.3:a:ibm:rational_software_architect:8.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:8.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:8.5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:8.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:8.5.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:8.5.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:8.5.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:8.5.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:9.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:9.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:9.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:9.1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect:9.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:8.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:8.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:8.5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:8.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:8.5.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:8.5.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:8.5.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:8.5.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:9.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:9.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:9.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:9.1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_for_websphere_software:9.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:8.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:8.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:8.5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:8.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:8.5.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:8.5.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:8.5.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:8.5.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:9.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:9.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:9.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:9.1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:rational_software_architect_realtime:9.5.0:*:*:*:*:*:*:*

References

1
