製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の IBM Rational 製品におけるクロスサイトスクリプティングの脆弱性

Title	複数の IBM Rational 製品におけるクロスサイトスクリプティングの脆弱性
Summary	複数の IBM Rational 製品には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、巧妙に細工された URL を介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 3, 2016, midnight
Registration Date	Nov. 30, 2016, noon
Last Update	Nov. 30, 2016, noon

CVSS3.0 : 警告
Score	5.4
Vector	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS2.0 : 注意
Score	3.5
Vector	AV:N/AC:M/Au:S/C:N/I:P/A:N

Affected System

IBM

Rational Collaborative Lifecycle Management 4.0.7 iFix11 未満の 4.0

Rational Collaborative Lifecycle Management 5.0.2 iFix19 未満の 5.0

Rational Collaborative Lifecycle Management 6.0.2 iFix3 未満の 6.0

Rational DOORS Next Generation 4.0.7 iFix11 未満の 4.0

Rational DOORS Next Generation 5.0.2 iFix19 未満の 5.0

Rational DOORS Next Generation 6.0.2 iFix3 未満の 6.0

Rational Engineering Lifecycle Manager 4.0.7 iFix11 未満の 4.0

Rational Engineering Lifecycle Manager 5.0.2 iFix19 未満の 5.0

Rational Engineering Lifecycle Manager 6.0.2 iFix3 未満の 6.0

Rational Quality Manager 4.0.7 iFix11 未満の 4.0

Rational Quality Manager 5.0.2 iFix19 未満の 5.0

Rational Quality Manager 6.0.2 iFix3 未満の 6.0

Rational Rhapsody Design Manager 4.0.7 iFix11 未満の 4.0

Rational Rhapsody Design Manager 5.0.2 iFix19 未満の 5.0

Rational Rhapsody Design Manager 6.0.2 iFix3 未満の 6.0

Rational Software Architect Design Manager 4.0.7 iFix11 未満の 4.0

Rational Software Architect Design Manager 5.0.2 iFix19 未満の 5.0

Rational Software Architect Design Manager 6.0.2 iFix3 未満の 6.0

Rational Team Concert 4.0.7 iFix11 未満の 4.0

Rational Team Concert 5.0.2 iFix19 未満の 5.0

Rational Team Concert 6.0.2 iFix3 未満の 6.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-2926	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2926
National Vulnerability Database (NVD)
2	CVE-2016-2926	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2926

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
IBM Support Document
1	1993444	http://www-01.ibm.com/support/docview.wss?uid=swg21993444

Change Log

No	Changed Details	Date of change
0	[2016年11月30日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-2926

Summary	Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Publication Date	Nov. 26, 2016, 5:59 a.m.
Registration Date	Jan. 26, 2021, 2:09 p.m.
Last Update	Nov. 21, 2024, 11:49 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_team_concert:6.0.1:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.0:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.5:::::::*
cpe:2.3:a:ibm:rational_team_concert:5.0.0:::::::*
cpe:2.3:a:ibm:rational_team_concert:6.0.0:::::::*
cpe:2.3:a:ibm:rational_team_concert:6.0.2:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.6:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.4:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.7:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.1:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.2:::::::*
cpe:2.3:a:ibm:rational_team_concert:5.0.1:::::::*
cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.3:::::::*
cpe:2.3:a:ibm:rational_team_concert:5.0.2:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.0:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_quality_manager:4.0.1:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.4:::::::*
cpe:2.3:a:ibm:rational_quality_manager:6.0.1:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.7:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.3:::::::*
cpe:2.3:a:ibm:rational_quality_manager:5.0.0:::::::*
cpe:2.3:a:ibm:rational_quality_manager:6.0.2:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.5:::::::*
cpe:2.3:a:ibm:rational_quality_manager:5.0.2:::::::*
cpe:2.3:a:ibm:rational_quality_manager:6.0.0:::::::*
cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.2:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.6:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.0:::::::*
cpe:2.3:a:ibm:rational_quality_manager:5.0.1:::::::*

Configuration5	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:::::::*

Configuration6	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:::::::*
cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:::::::*

Configuration7	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:::::::*
cpe:2.3:a:ibm:rational_doors_next_generation:4.0.4:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/94146
2	http://www.securityfocus.com/bid/94146
3	http://www.securitytracker.com/id/1037276
4	http://www.securitytracker.com/id/1037276
5	http://www.securitytracker.com/id/1037277
6	http://www.securitytracker.com/id/1037277
7	http://www.securitytracker.com/id/1037278
8	http://www.securitytracker.com/id/1037278
9	http://www.securitytracker.com/id/1037279
10	http://www.securitytracker.com/id/1037279
11	http://www-01.ibm.com/support/docview.wss?uid=swg21993444	Patch Vendor Advisory
12	http://www-01.ibm.com/support/docview.wss?uid=swg21993444	Patch Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_team_concert:6.0.1:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.0:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.5:::::::*
cpe:2.3:a:ibm:rational_team_concert:5.0.0:::::::*
cpe:2.3:a:ibm:rational_team_concert:6.0.0:::::::*
cpe:2.3:a:ibm:rational_team_concert:6.0.2:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.6:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.4:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.7:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.1:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.2:::::::*
cpe:2.3:a:ibm:rational_team_concert:5.0.1:::::::*
cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:::::::*
cpe:2.3:a:ibm:rational_team_concert:4.0.3:::::::*
cpe:2.3:a:ibm:rational_team_concert:5.0.2:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:::::::*
cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.2:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.1:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.0:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.5:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:::::::*
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_quality_manager:4.0.1:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.4:::::::*
cpe:2.3:a:ibm:rational_quality_manager:6.0.1:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.7:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.3:::::::*
cpe:2.3:a:ibm:rational_quality_manager:5.0.0:::::::*
cpe:2.3:a:ibm:rational_quality_manager:6.0.2:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.5:::::::*
cpe:2.3:a:ibm:rational_quality_manager:5.0.2:::::::*
cpe:2.3:a:ibm:rational_quality_manager:6.0.0:::::::*
cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.2:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.6:::::::*
cpe:2.3:a:ibm:rational_quality_manager:4.0.0:::::::*
cpe:2.3:a:ibm:rational_quality_manager:5.0.1:::::::*

Configuration5	or higher	or less	more than	less than
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:::::::*
cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:::::::*