CVE-2016-9694

Summary

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationRational Rhapsody Design Manager4.0.2affected
IBM CorporationRational Rhapsody Design Manager3.0affected
IBM CorporationRational Rhapsody Design Manager3.0.0.1affected
IBM CorporationRational Rhapsody Design Manager4.0affected
IBM CorporationRational Rhapsody Design Manager4.0.1affected
IBM CorporationRational Rhapsody Design Manager4.0.3affected
IBM CorporationRational Rhapsody Design Manager4.0.4affected
IBM CorporationRational Rhapsody Design Manager4.0.5affected
IBM CorporationRational Rhapsody Design Manager4.0.6affected
IBM CorporationRational Rhapsody Design Manager5.0affected
IBM CorporationRational Rhapsody Design Manager3affected
IBM CorporationRational Rhapsody Design Manager4.0.7affected
IBM CorporationRational Rhapsody Design Manager5.0.2affected
IBM CorporationRational Rhapsody Design Manager5.0.1affected
IBM CorporationRational Rhapsody Design Manager6.0affected
IBM CorporationRational Rhapsody Design Manager6.0.1affected
IBM CorporationRational Rhapsody Design Manager6.0.2affected
IBM CorporationRational Rhapsody Design Manager6.0.3affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References