CVE-2017-1753

Published Aug 20, 2018

Last updated 5 years ago

CVSS medium 5.4

Overview

Description: Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5C09499-13C3-4F91-A68D-C8FEB77B18DE",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "130C05BE-0919-4A40-9F1E-C7AB4D718D05",
            "versionEndIncluding": "6.0.5",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BABC587-0E98-4CE1-AD8C-4045D3CA2941",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4BE1EAE-1C18-4FC0-A7FB-A58C011CF1F9",
            "versionEndIncluding": "6.0.5",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EB5653C-C3DD-471B-B644-6E3128CA7401",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5C61916-4F4D-4DD3-8F09-F55322767C14",
            "versionEndIncluding": "6.0.5",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A1EBFE0-1EA4-46A9-866B-3ED2E1187612",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82E0686F-C62F-4A6A-861E-19467C8018A0",
            "versionEndIncluding": "6.0.5",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A48EFB76-A843-46B9-8840-83DC35330DD3",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98DCDC04-6FD5-49CB-BC20-757A69C4AC0C",
            "versionEndIncluding": "6.0.1",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "909CD52D-BC7A-467F-A88B-15150C6A41ED",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References