| Title | 複数の IBM Rational 製品におけるクロスサイトスクリプティングの脆弱性 |
|---|---|
| Summary | 複数の IBM Rational 製品には、クロスサイトスクリプティングの脆弱性が存在します。 |
| Possible impacts | リモート認証されたユーザにより、巧妙に細工された URL を介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Sept. 30, 2016, midnight |
| Registration Date | Nov. 28, 2016, 4:55 p.m. |
| Last Update | Nov. 28, 2016, 4:55 p.m. |
| CVSS3.0 : 警告 | |
| Score | 5.4 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| CVSS2.0 : 注意 | |
| Score | 3.5 |
|---|---|
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| IBM |
| Rational Collaborative Lifecycle Management 3.0.1.6 iFix8 未満の 3.0.1.6 |
| Rational Collaborative Lifecycle Management 4.0.7 iFix11 未満の 4.0 |
| Rational Collaborative Lifecycle Management 5.0.2 iFix18 未満の 5.0 |
| Rational Collaborative Lifecycle Management 6.0.2 iFix5 未満の 6.0 |
| Rational DOORS Next Generation 4.0.7 iFix11 未満の 4.0 |
| Rational DOORS Next Generation 5.0.2 iFix18 未満の 5.0 |
| Rational DOORS Next Generation 6.0.2 iFix5 未満の 6.0 |
| Rational Engineering Lifecycle Manager 4.0.7 iFix11 未満の 4.0 |
| Rational Engineering Lifecycle Manager 5.0.2 iFix18 未満の 5.0 |
| Rational Engineering Lifecycle Manager 6.0.2 iFix5 未満の 6.0 |
| Rational Quality Manager 3.0.1.6 iFix8 未満の 3.0.1.6 |
| Rational Quality Manager 4.0.7 iFix11 未満の 4.0 |
| Rational Quality Manager 5.0.2 iFix18 未満の 5.0 |
| Rational Quality Manager 6.0.2 iFix5 未満の 6.0 |
| Rational Rhapsody Design Manager 4.0.7 iFix11 未満の 4.0 |
| Rational Rhapsody Design Manager 5.0.2 iFix18 未満の 5.0 |
| Rational Rhapsody Design Manager 6.0.2 iFix5 未満の 6.0 |
| Rational Software Architect Design Manager 4.0.7 iFix11 未満の 4.0 |
| Rational Software Architect Design Manager 5.0.2 iFix18 未満の 5.0 |
| Rational Software Architect Design Manager 6.0.2 iFix5 未満の 6.0 |
| Rational Team Concert 3.0.1.6 iFix8 未満の 3.0.1.6 |
| Rational Team Concert 4.0.7 iFix11 未満の 4.0 |
| Rational Team Concert 5.0.2 iFix18 未満の 5.0 |
| Rational Team Concert 6.0.2 iFix5 未満の 6.0 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2016年11月28日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
|---|---|
| Publication Date | Nov. 25, 2016, 4:59 a.m. |
| Registration Date | Jan. 26, 2021, 2:03 p.m. |
| Last Update | Nov. 21, 2024, 11:41 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:*:*:*:*:*:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:* | |||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:* | |||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:* | |||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:6.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:* | |||||