CVE-2015-7471
Description
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429.
Affected products
- Range: 3.0.x to <3.0.1.6 iFix7 Interim Fix 1, 4.0.x to <4.0.7 iFix10, 5.0.x to <5.0.2 iFix15, 6.0.x to <6.0.1 iFix4
- Range: 3.0.x to <3.0.1.6 iFix7 Interim Fix 1, 4.0.x to <4.0.7 iFix10, 5.0.x to <5.0.2 iFix15, 6.0.x to <6.0.1 iFix4
- Range: 3.0.1 to <3.0.1.6 iFix7 Interim Fix 1, 4.0.x to <4.0.7 iFix10, 5.0.x to <5.0.2 iFix15, 6.0.x to <6.0.1 iFix4
References
- www-01.ibm.com/support/docview.wss (source: nvd; Patch, Vendor Advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/108429 (source: nvd; VDB Entry, Vendor Advisory)