CVE-2013-5404

Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21653689	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/87318
http://www-01.ibm.com/support/docview.wss?uid=swg21653689	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/87318

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:rational_quality_manager:2.0:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:2.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:2.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:2.0.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:2.0.1.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.1:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.2:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.3:::::::*
	cpe:2.3:a:ibm:rational_quality_manager:4.0.4:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:2.0:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:::::::*
	cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:::::::*
	cpe:2.3:a:ibm:rational_team_concert:2.0:::::::*
	cpe:2.3:a:ibm:rational_team_concert:2.0.0.1:::::::*
	cpe:2.3:a:ibm:rational_team_concert:2.0.0.2:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:::::::*
	cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.1:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.2:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.3:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.4:::::::*
	cpe:2.3:a:ibm:rational_team_concert:4.0.5:::::::*

History

21 Nov 2024, 01:57

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21653689 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21653689 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/87318 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/87318 -

Information

Published : 2013-12-10 19:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-5404

Mitre link : CVE-2013-5404

CVE.ORG link : CVE-2013-5404

JSON object : View

Products Affected

ibm

rational_quality_manager
rational_team_concert
rational_requirements_composer

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2013-5404", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-12-10T19:55:07.297", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653689", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87318", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653689", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87318", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IFRAME element."}, {"lang": "es", "value": "Vulenrabilidad Cross-site scripting (XSS) en la aplicaci\u00f3n de b\u00fasqueda en IBM Rational Quality Manager (RQM) 2.0 a 2.0.1.1, 3.0.1.6 3.x antes iFix 1, 4.x antes de 4.0.5, tal como se utiliza en Rational Team Concert, Rational Requirements Composer, y otros productos, permite a usuarios remotos autenticados inyectar web scripts o HTML a trav\u00e9s de vectores relacionados con un elemento IFRAME."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CE0A31B-7A9B-40E6-8648-365D018BA0E5"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A9E54DB-5CB0-4289-B1A7-EA82494A8FEB"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B2944B8-BFD1-4184-8E49-69385DD0C0D9"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71ECC4C2-BF61-47C7-8435-BE71F1AD0A88"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:2.0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A826A681-A706-4512-B863-1FEABFBCC677"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A79E7EF2-5615-4300-BC0D-865DBDC8B46F"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C59EB6D6-2A74-4988-912C-97045647F1ED"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EAB61F7-B5B4-47E8-8BFD-02F025358781"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F93D8CAB-0DF0-4A1D-B1A3-78FF892D04AE"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7204792C-1506-4E95-92CD-098F760FC429"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09FC134C-08AB-4874-B31D-B08CDF4C2DE4"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1649F910-F8B9-4AAD-9743-C37B8784A771"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:3.0.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEDB1D69-FFD1-49DB-9775-B11F21E200F9"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "443530AE-4F33-4453-826A-8D705DFB7C03"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "364E7E8D-D988-4546-9E61-CD2D1A6F0728"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB0AA277-39E7-441C-9AF2-18848FD4C9D7"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4938F063-34AF-4C5F-AF43-534C3D052720"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3902033E-35AB-4358-9D07-AF8C59A9621A"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "559C7C20-BD07-4E30-A74C-EA35DB2E3F2B"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10E211DC-D0D7-4527-AE87-231A19D58C6E"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20AABE5F-C942-45BB-86A9-C3F2E949D64E"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A04D314-F6EB-41B9-945A-D8428D86B655"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3717DCFC-1336-45EC-919C-E1CD1B37DA2A"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:2.0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC743273-AD4B-4A14-9C0C-23A865A640C7"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1E8B281-4A2E-41E9-8953-9F041030EF65"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AF24AEA-D261-485F-A7FF-D5DAF033C571"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDD53B1B-BCD3-4A8D-8FBB-4965FA30D9E0"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0FA509F-C96E-428C-A69A-7D96E1C219B9"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0229C996-3960-4A7A-BA2E-03819281CA6D"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0FBFCAE-0324-4C8B-82F4-1EBFA440CB1F"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17099F68-B49C-4433-98B6-7C7FE8846702"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:3.0.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D43547B3-1085-48B1-A6D3-32B791EE09FE"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D3894CB-8DF7-4011-B47F-36485A2A6E7B"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EFFBB5B-8566-45BC-9123-5418821E6EB1"}, {"criteria": "cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BF2CC2A-232C-43A6-8C9B-E6125C051BF9"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D0173BE-F9DE-4566-B060-095203FAACA9"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4875C452-2466-45F1-8923-00E5340D74D8"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:2.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B15EF2E-A114-4128-85F1-889EDC3F6C58"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F07F4E00-F0BA-4821-B5B4-3C0E9D01AAE3"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C80E49B8-8BC4-4150-B86A-A5E474F4E598"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E92346D-B1A8-43F8-B2C1-E69A3301560B"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F081AEF5-3F0F-4D58-8BBE-EDB9C569CAB5"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44840CC3-5720-4AF8-B508-67AB5E3E1CA3"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F65519B-90F8-4A17-BA94-FDFDE5BF8CDD"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:3.0.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71F5759B-9D36-46DA-8F1B-CF7899AC7E96"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2C7E81B-DA97-4545-9C78-962E5FE9202D"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9DF445D-E457-4FA5-A2BE-F05828F8F799"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1CE1A44-9F74-4405-AAB4-E38487FBD91A"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29160905-BBD7-486C-A4E0-5778717389E9"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A538D21-6F83-4F01-AB4F-788A89F922CF"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "233E248F-0EA5-4C97-8474-C7A3EFCF7CCA"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}

3.5 /10