ID

VAR-201803-0128


CVE

CVE-2017-1655


TITLE

IBM Jazz Foundation vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-003086

DESCRIPTION

IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379.

The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 133379. Information may be obtained and information may be altered.

Multiple IBM products are prone to the following security vulnerabilities:
1. An information-disclosure vulnerability
2. Multiple cross-site scripting vulnerabilities
3. An access-bypass vulnerability

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to gain unauthorized access to the affected application, or to obtain sensitive information.

Trust: 1.89

sources: NVD: CVE-2017-1655 // JVNDB: JVNDB-2018-003086 // BID: 103477

AFFECTED PRODUCTS

vendor:ibmmodel:rational engineering lifecycle managerscope:lteversion:5.0.2

Trust: 1.0

vendor:ibmmodel:rational engineering lifecycle managerscope:gteversion:6.0

Trust: 1.0

vendor:ibmmodel:rational team concertscope:lteversion:5.0.2

Trust: 1.0

vendor:ibmmodel:rational software architect design managerscope:gteversion:4.0

Trust: 1.0

vendor:ibmmodel:rational collaborative lifecycle managementscope:gteversion:4.0

Trust: 1.0

vendor:ibmmodel:rational rhapsody design managerscope:gteversion:6.0

Trust: 1.0

vendor:ibmmodel:rational software architect design managerscope:gteversion:5.0

Trust: 1.0

vendor:ibmmodel:rational engineering lifecycle managerscope:gteversion:4.0.3

Trust: 1.0

vendor:ibmmodel:rational team concertscope:gteversion:6.0

Trust: 1.0

vendor:ibmmodel:rational quality managerscope:gteversion:4.0

Trust: 1.0

vendor:ibmmodel:rational doors next generationscope:gteversion:6.0.0

Trust: 1.0

vendor:ibmmodel:rational doors next generationscope:gteversion:5.0

Trust: 1.0

vendor:ibmmodel:rational quality managerscope:gteversion:5.0

Trust: 1.0

vendor:ibmmodel:rational engineering lifecycle managerscope:gteversion:5.0

Trust: 1.0

vendor:ibmmodel:rational software architect design managerscope:lteversion:4.0.7

Trust: 1.0

vendor:ibmmodel:rational software architect design managerscope:gtversion:6.0

Trust: 1.0

vendor:ibmmodel:rational doors next generationscope:gteversion:4.0.1

Trust: 1.0

vendor:ibmmodel:rational rhapsody design managerscope:gteversion:4.0

Trust: 1.0

vendor:ibmmodel:rational quality managerscope:lteversion:4.0.7

Trust: 1.0

vendor:ibmmodel:rational collaborative lifecycle managementscope:lteversion:6.0.5

Trust: 1.0

vendor:ibmmodel:rational quality managerscope:lteversion:6.0.5

Trust: 1.0

vendor:ibmmodel:rational software architect design managerscope:lteversion:6.0.1

Trust: 1.0

vendor:ibmmodel:rational team concertscope:gteversion:4.0

Trust: 1.0

vendor:ibmmodel:rational rhapsody design managerscope:gteversion:5.0

Trust: 1.0

vendor:ibmmodel:rational doors next generationscope:lteversion:4.0.7

Trust: 1.0

vendor:ibmmodel:rational software architect design managerscope:lteversion:5.0.2

Trust: 1.0

vendor:ibmmodel:rational quality managerscope:lteversion:5.0.2

Trust: 1.0

vendor:ibmmodel:rational team concertscope:gteversion:5.0

Trust: 1.0

vendor:ibmmodel:rational doors next generationscope:lteversion:6.0.5

Trust: 1.0

vendor:ibmmodel:rational engineering lifecycle managerscope:lteversion:4.0.7

Trust: 1.0

vendor:ibmmodel:rational rhapsody design managerscope:lteversion:4.0.7

Trust: 1.0

vendor:ibmmodel:rational engineering lifecycle managerscope:lteversion:6.0.5

Trust: 1.0

vendor:ibmmodel:rational quality managerscope:gteversion:6.0

Trust: 1.0

vendor:ibmmodel:rational team concertscope:lteversion:4.0.7

Trust: 1.0

vendor:ibmmodel:rational doors next generationscope:lteversion:5.0.2

Trust: 1.0

vendor:ibmmodel:rational rhapsody design managerscope:lteversion:6.0.5

Trust: 1.0

vendor:ibmmodel:rational team concertscope:lteversion:6.0.5

Trust: 1.0

vendor:ibmmodel:rational rhapsody design managerscope:lteversion:5.0.2

Trust: 1.0

vendor:ibmmodel:rational team concertscope:eqversion:6.0

Trust: 0.9

vendor:ibmmodel:rational team concertscope:eqversion:5.0.2

Trust: 0.9

vendor:ibmmodel:rational software architect design managerscope:eqversion:6.0.1

Trust: 0.9

vendor:ibmmodel:rational software architect design managerscope:eqversion:5.0.2

Trust: 0.9

vendor:ibmmodel:rational doors next generationscope:eqversion:6.0.3

Trust: 0.9

vendor:ibmmodel:rational doors next generationscope:eqversion:6.0.2

Trust: 0.9

vendor:ibmmodel:rational doors next generationscope:eqversion:6.0.1

Trust: 0.9

vendor:ibmmodel:rational doors next generationscope:eqversion:4.0.4

Trust: 0.9

vendor:ibmmodel:rational doors next generationscope:eqversion:4.0.3

Trust: 0.9

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:5.0 and 6.0

Trust: 0.8

vendor:ibmmodel:rational doors next generationscope: - version: -

Trust: 0.8

vendor:ibmmodel:rational engineering lifecycle managerscope: - version: -

Trust: 0.8

vendor:ibmmodel:rational quality managerscope: - version: -

Trust: 0.8

vendor:ibmmodel:rational rhapsody design managerscope: - version: -

Trust: 0.8

vendor:ibmmodel:rational software architect design managerscope: - version: -

Trust: 0.8

vendor:ibmmodel:rational team concertscope: - version: -

Trust: 0.8

vendor:ibmmodel:rational software architect design managerscope:eqversion:6.0.0

Trust: 0.6

vendor:ibmmodel:rational team concertscope:eqversion:6.0.4

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:6.0.3

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:5.0.1

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:4.0.5

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:4.0.4

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:4.0.3

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:4.0.2

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:6.0.5

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:4.0.7

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:4.0.6

Trust: 0.3

vendor:ibmmodel:rational team concertscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:5.0.1

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:4.0.7

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:4.0.3

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:4.0.2

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:4.0.6

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:4.0.5

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:4.0.4

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:rational software architect design managerscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:6.0.4

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:6.0.3

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:5.0.2

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:5.0.1

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:4.0.7

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:4.0.4

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:4.0.3

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:4.0.2

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:6.0.5

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:4.0.6

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:4.0.5

Trust: 0.3

vendor:ibmmodel:rational rhapsody design managerscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:5.0.1

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:4.0.5

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:4.0.4

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:4.0.3

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:4.0.2

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:6.0.5

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:6.0.4

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:6.0.3

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:5.0.2

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:5.0.0

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:4.0.7

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:4.0.6

Trust: 0.3

vendor:ibmmodel:rational quality managerscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:6.0.3

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:5.0.2

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:5.0.1

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:4.0.5

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:4.0.4

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:4.0.3

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:6.0.5

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:6.0.4

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:4.0.7

Trust: 0.3

vendor:ibmmodel:rational engineering lifecycle managerscope:eqversion:4.0.6

Trust: 0.3

vendor:ibmmodel:rational doors next generationscope:eqversion:6.0.4

Trust: 0.3

vendor:ibmmodel:rational doors next generationscope:eqversion:5.0.2

Trust: 0.3

vendor:ibmmodel:rational doors next generationscope:eqversion:5.0.1

Trust: 0.3

vendor:ibmmodel:rational doors next generationscope:eqversion:4.0.7

Trust: 0.3

vendor:ibmmodel:rational doors next generationscope:eqversion:4.0.5

Trust: 0.3

vendor:ibmmodel:rational doors next generationscope:eqversion:4.0.2

Trust: 0.3

vendor:ibmmodel:rational doors next generationscope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:rational doors next generationscope:eqversion:6.0.5

Trust: 0.3

vendor:ibmmodel:rational doors next generationscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:rational doors next generationscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:rational doors next generationscope:eqversion:4.0.6

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:6.0.4

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:6.0.3

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:5.0.7

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:5.0.2

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:5.0.1

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:4.0.7

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:6.0.5

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:5.0.0

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:4.0.6

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:4.0.5

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:4.0.4

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:4.0.3

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:4.0.2

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:4.0.0.2

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:4.0.0.1

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle managementscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:jazz team serverscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:jazz foundationscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:rational team concert ifix3scope:neversion:6.0.5

Trust: 0.3

vendor:ibmmodel:rational team concert ifix16scope:neversion:6.0.2

Trust: 0.3

vendor:ibmmodel:rational team concert ifix25scope:neversion:5.0.2

Trust: 0.3

vendor:ibmmodel:rational quality manager ifix3scope:neversion:6.0.5

Trust: 0.3

vendor:ibmmodel:rational quality manager ifix16scope:neversion:6.0.2

Trust: 0.3

vendor:ibmmodel:rational quality manager ifix25scope:neversion:5.0.2

Trust: 0.3

vendor:ibmmodel:rational doors next generation ifix3scope:neversion:6.0.5

Trust: 0.3

vendor:ibmmodel:rational doors next generation ifix16scope:neversion:6.0.2

Trust: 0.3

vendor:ibmmodel:rational doors next generation ifix25scope:neversion:5.0.2

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle management ifix3scope:neversion:6.0.5

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle management ifix16scope:neversion:6.0.2

Trust: 0.3

vendor:ibmmodel:rational collaborative lifecycle management ifix25scope:neversion:5.0.2

Trust: 0.3

sources: BID: 103477 // JVNDB: JVNDB-2018-003086 // CNNVD: CNNVD-201803-900 // NVD: CVE-2017-1655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1655
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2017-1655
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-1655
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201803-900
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-1655
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2017-1655
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 2.8

sources: JVNDB: JVNDB-2018-003086 // CNNVD: CNNVD-201803-900 // NVD: CVE-2017-1655 // NVD: CVE-2017-1655

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2018-003086 // NVD: CVE-2017-1655

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-900

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201803-900

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003086

PATCH

title: 2014815
url: http://www-01.ibm.com/support/docview.wss?uid=swg22014815

Trust: 0.8

title: ibm-jazz-cve20171655-xss (133379)
url: https://exchange.xforce.ibmcloud.com/vulnerabilities/133379

Trust: 0.8

title: IBM Rational Collaborative Lifecycle Management Jazz Foundation Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79397

Trust: 0.6

sources: JVNDB: JVNDB-2018-003086 // CNNVD: CNNVD-201803-900

EXTERNAL IDS

db:NVDid:CVE-2017-1655

Trust: 2.7

db:BIDid:103477

Trust: 1.9

db:JVNDBid:JVNDB-2018-003086

Trust: 0.8

db:CNNVDid:CNNVD-201803-900

Trust: 0.6

sources: BID: 103477 // JVNDB: JVNDB-2018-003086 // CNNVD: CNNVD-201803-900 // NVD: CVE-2017-1655

REFERENCES

url:http://www.ibm.com/support/docview.wss?uid=swg22014815

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/133379

Trust: 1.6

url:http://www.securityfocus.com/bid/103477

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1655

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-1655

Trust: 0.8

url:http://www.ibm.com

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg22014815

Trust: 0.3

sources: BID: 103477 // JVNDB: JVNDB-2018-003086 // CNNVD: CNNVD-201803-900 // NVD: CVE-2017-1655

CREDITS

IBM.

Trust: 0.3

sources: BID: 103477

SOURCES

db:BIDid:103477
db:JVNDBid:JVNDB-2018-003086
db:CNNVDid:CNNVD-201803-900
db:NVDid:CVE-2017-1655

LAST UPDATE DATE

2024-11-23T22:30:29.430000+00:00


SOURCES UPDATE DATE

db:BIDid:103477date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003086date:2018-05-14T00:00:00
db:CNNVDid:CNNVD-201803-900date:2019-10-17T00:00:00
db:NVDid:CVE-2017-1655date:2024-11-21T03:22:10.917

SOURCES RELEASE DATE

db:BIDid:103477date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003086date:2018-05-14T00:00:00
db:CNNVDid:CNNVD-201803-900date:2018-03-26T00:00:00
db:NVDid:CVE-2017-1655date:2018-03-23T19:29:00.387