Medium severity 5.4 · NVD Advisory · Published Mar 31, 2017 · Updated May 13, 2026

CVE-2016-6022

Description

IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Quality Manager (RQM) versions 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting, allowing authenticated users to inject arbitrary JavaScript and potentially disclose credentials.

Vulnerability

IBM Quality Manager (RQM) versions 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting (XSS). The vulnerability allows authenticated users to embed arbitrary JavaScript code into the Web UI, which is then executed in the context of other users' sessions. This occurs due to insufficient input validation in certain fields [1].

Exploitation

An attacker with low-privileged access to RQM can inject malicious JavaScript into a field (e.g., a comment or description). When another user views the affected page, the script executes. User interaction (e.g., clicking a link) may be required to trigger the script, as indicated by the CVSS vector requiring user interaction [1].

Impact

Successful exploitation can lead to disclosure of credentials within a trusted session, as the script can capture session tokens or other sensitive data. The CVSS scope is changed, indicating potential impact on other resources beyond the vulnerable component [1].

Mitigation

IBM has addressed this vulnerability in a security update for IBM Jazz Team Server. Users should apply the fix as described in the security bulletin [1]. No workarounds are mentioned in the available references.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Range: 4.0, 5.0, 6.0
  • IBM Corporation/Rational Collaborative Lifecycle Management v5
    Range: 3.0.1

References

2