VDB
CVE-2017-1653
CVE-2017-1653
PUBLISHED
CVSS 3.5 LOW
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268.
EPSS 0.60% · 69.8th percentile
Risk Scores
CVSS 2.0
3.5
EPSS Score
0.60%
69.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ibm | rational_rhapsody_design_manager | 6.0 |
| ibm | rational_team_concert | 6.0 |
| ibm | rational_quality_manager | 6.0 |
| IBM | Rational Collaborative Lifecycle Management | 6.0, 6.0.3, 6.0.4 |
| ibm | rational_doors_next_generation | 6.0 |
| ibm | rational_collaborative_lifecycle_management | 6.0 |
| ibm | rational_software_architect_design_manager | 6.0.1, 6.0 |
| ibm | rational_engineering_lifecycle_manager | 6.0 |
Exploit Intelligence
- CVE-2017-13286 Poc(can not use) (github-poc)
- CVE-2017-13286 Poc(can not use) (github-poc)
- CVE-2017-13286 Poc(can not use) (github-poc)
- CVE-2017-13286 Poc(can not use) (github-poc)
- 1040306 (circl)
- 102853 (circl)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/133268 (circl)
- 1040307 (circl)
- 1040305 (circl)
- http://www.ibm.com/support/docview.wss?uid=swg22012712 (circl)
Timeline
- Jan 26, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- 1040306 vdb
- 102853 vdb
- https://exchange.xforce.ibmcloud.com/vulnerabilities/133268 url
- 1040307 vdb
- 1040305 vdb
- http://www.ibm.com/support/docview.wss?uid=swg22012712 url
- https://nvd.nist.gov/vuln/detail/CVE-2017-1653 advisory
- https://source.android.com/security/bulletin/2018-04-01 advisory
- https://source.android.com/security/bulletin/pixel/2018-04-01 advisory