CVE-2016-9747

Summary

IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Affected Software

VendorProductVersion RangeStatus
IBMRational Engineering Lifecycle Manager4.0.3affected
IBMRational Engineering Lifecycle Manager4.0.4affected
IBMRational Engineering Lifecycle Manager4.0.5affected
IBMRational Engineering Lifecycle Manager4.0.6affected
IBMRational Engineering Lifecycle Manager5.0affected
IBMRational Engineering Lifecycle Manager4.0.7affected
IBMRational Engineering Lifecycle Manager5.0.1affected
IBMRational Engineering Lifecycle Manager5.0.2affected
IBMRational Engineering Lifecycle Manager6.0affected
IBMRational Engineering Lifecycle Manager6.0.1affected
IBMRational Engineering Lifecycle Manager6.0.2affected
IBMRational Engineering Lifecycle Manager6.0.3affected
IBMRational Engineering Lifecycle Manager6.0.4affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References