CNVD-2016-11137

Vulnerability from cnvd - Published: 2016-11-16
VLAI Severity ?
Title
多款IBM Rational产品跨站脚本漏洞
Description
IBM Rational Team Concert和Rational Collaborative Lifecycle Management是美国IBM公司的协作化生命周期管理解决方案。IBM Rational DOORS Next Generation(RDNG)是美国IBM公司的需求管理解决方案。IBM Rational Engineering Lifecycle Manager是美国IBM公司的一套工程生命周期管理软件。IBM Rational Software Architect Design Manager能够对由Rational Software Architect编写的模型进行协作式设计管理。 多款IBM Rational产品存在跨站脚本漏洞。由于程序未能充分过滤用户提供的输入,攻击者可以利用漏洞在受影响站点的上下文中在不知情的用户的浏览器中执行任意脚本代码。窃取基于cookie的身份验证凭证并启动其他攻击。
Severity
Patch Name
多款IBM Rational产品跨站脚本漏洞的补丁
Patch Description
IBM Rational Team Concert和Rational Collaborative Lifecycle Management是美国IBM公司的协作化生命周期管理解决方案。IBM Rational DOORS Next Generation(RDNG)是美国IBM公司的需求管理解决方案。IBM Rational Engineering Lifecycle Manager是美国IBM公司的一套工程生命周期管理软件。IBM Rational Software Architect Design Manager能够对由Rational Software Architect编写的模型进行协作式设计管理。 多款IBM Rational产品存在跨站脚本漏洞。由于程序未能充分过滤用户提供的输入,攻击者可以利用漏洞在受影响站点的上下文中在不知情的用户的浏览器中执行任意脚本代码。窃取基于cookie的身份验证凭证并启动其他攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可参考如下供应商提供的安全公告获得补丁信息: http://www-01.ibm.com/support/docview.wss?uid=swg21993444

Reference
http://www.securityfocus.com/bid/94146 http://www-01.ibm.com/support/docview.wss?uid=swg21993444
Impacted products
Name
['IBM Rational Team Concert 4.0 - 4.0.7', 'IBM Rational Quality Manager 4.0 - 4.0.7', 'IBM Rational Quality Manager 5.0 - 5.0.2', 'IBM Rational DOORS Next Generation 4.0 - 4.0.7', 'IBM Rational DOORS Next Generation 5.0 - 5.0.2', 'IBM Rational Engineering Lifecycle Manager 4.0.3 - 4.0.7', 'IBM Rational Engineering Lifecycle Manager 5.0 - 5.0.2', 'IBM Rational Rhapsody Design Manager 4.0 - 4.0.7', 'IBM Rational Rhapsody Design Manager 5.0 - 5.0.2', 'IBM Rational Software Architect Design Manager 4.0 - 4.0.7', 'IBM Rational Software Architect Design Manager 5.0 - 5.0.2', 'IBM Rational Team Concert >=5.0,<=5.0.2', 'IBM Rational Quality Manager >=6.0,<=6.0.2', 'IBM Rational Team Concert >=6.0,<=6.0.2', 'IBM Rational DOORS Next Generation >=6.0,<=6.0.2', 'IBM Rational Engineering Lifecycle Manager >=6.0,<=6.0.2', 'IBM Rational Rhapsody Design Manager >=6.0,<=6.0.2', 'IBM Rational Software Architect Design Manager >=6.0,<=6.0.2', 'IBM Rational Collaborative Lifecycle Management >=4.0,<=6.0.2']
Show details on source website
To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "94146"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2926"
    }
  },
  "description": "IBM Rational Team Concert\u548cRational Collaborative Lifecycle Management\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u534f\u4f5c\u5316\u751f\u547d\u5468\u671f\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002IBM Rational DOORS Next Generation\uff08RDNG\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u9700\u6c42\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002IBM Rational Engineering Lifecycle Manager\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u5de5\u7a0b\u751f\u547d\u5468\u671f\u7ba1\u7406\u8f6f\u4ef6\u3002IBM Rational Software Architect Design Manager\u80fd\u591f\u5bf9\u7531Rational Software Architect\u7f16\u5199\u7684\u6a21\u578b\u8fdb\u884c\u534f\u4f5c\u5f0f\u8bbe\u8ba1\u7ba1\u7406\u3002 \r\n\r\n\u591a\u6b3eIBM Rational\u4ea7\u54c1\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7ad9\u70b9\u7684\u4e0a\u4e0b\u6587\u4e2d\u5728\u4e0d\u77e5\u60c5\u7684\u7528\u6237\u7684\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u3002\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8eab\u4efd\u9a8c\u8bc1\u51ed\u8bc1\u5e76\u542f\u52a8\u5176\u4ed6\u653b\u51fb\u3002",
  "discovererName": "IBM",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21993444",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11137",
  "openTime": "2016-11-16",
  "patchDescription": "IBM Rational Team Concert\u548cRational Collaborative Lifecycle Management\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u534f\u4f5c\u5316\u751f\u547d\u5468\u671f\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002IBM Rational DOORS Next Generation\uff08RDNG\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u9700\u6c42\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002IBM Rational Engineering Lifecycle Manager\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u5de5\u7a0b\u751f\u547d\u5468\u671f\u7ba1\u7406\u8f6f\u4ef6\u3002IBM Rational Software Architect Design Manager\u80fd\u591f\u5bf9\u7531Rational Software Architect\u7f16\u5199\u7684\u6a21\u578b\u8fdb\u884c\u534f\u4f5c\u5f0f\u8bbe\u8ba1\u7ba1\u7406\u3002 \r\n\r\n\u591a\u6b3eIBM Rational\u4ea7\u54c1\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7ad9\u70b9\u7684\u4e0a\u4e0b\u6587\u4e2d\u5728\u4e0d\u77e5\u60c5\u7684\u7528\u6237\u7684\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u3002\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8eab\u4efd\u9a8c\u8bc1\u51ed\u8bc1\u5e76\u542f\u52a8\u5176\u4ed6\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eIBM Rational\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Rational Team Concert 4.0 - 4.0.7",
      "IBM Rational Quality Manager 4.0 - 4.0.7",
      "IBM Rational Quality Manager 5.0 - 5.0.2",
      "IBM Rational DOORS Next Generation 4.0 - 4.0.7",
      "IBM Rational DOORS Next Generation 5.0 - 5.0.2",
      "IBM Rational Engineering Lifecycle Manager 4.0.3 - 4.0.7",
      "IBM Rational Engineering Lifecycle Manager 5.0 - 5.0.2",
      "IBM Rational Rhapsody Design Manager 4.0 - 4.0.7",
      "IBM Rational Rhapsody Design Manager 5.0 - 5.0.2",
      "IBM Rational Software Architect Design Manager 4.0 - 4.0.7",
      "IBM Rational Software Architect Design Manager 5.0 - 5.0.2",
      "IBM Rational Team Concert \u003e=5.0\uff0c\u003c=5.0.2",
      "IBM Rational Quality Manager \u003e=6.0\uff0c\u003c=6.0.2",
      "IBM Rational Team Concert \u003e=6.0\uff0c\u003c=6.0.2",
      "IBM  Rational DOORS Next Generation \u003e=6.0\uff0c\u003c=6.0.2",
      "IBM Rational Engineering Lifecycle Manager \u003e=6.0\uff0c\u003c=6.0.2",
      "IBM Rational Rhapsody Design Manager \u003e=6.0\uff0c\u003c=6.0.2",
      "IBM Rational Software Architect Design Manager \u003e=6.0\uff0c\u003c=6.0.2",
      "IBM Rational Collaborative Lifecycle Management \u003e=4.0\uff0c\u003c=6.0.2"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/94146\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21993444",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-09",
  "title": "\u591a\u6b3eIBM Rational\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.