阿里云漏洞库

IBM Rational Collaborative Lifecycle Management是美国IBM公司的一套协作设计模型管理软件。该软件支持使用中央系统存储库存储、共享、搜索和管理设计模型以及软件自动化的设计评审等。

IBM Rational Collaborative Lifecycle Management中存在跨站脚本漏洞，远程攻击者可利用该漏洞在Web UI中注入任意JavaScript代码。

厂商已发布了漏洞修复程序，请及时关注更新：
https://www-01.ibm.com/support/docview.wss?uid=ibm10732477

参考链接
http://www.ibm.com/support/docview.wss?uid=ibm10732477
https://exchange.xforce.ibmcloud.com/vulnerabilities/142956

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	ibm	rational_collaborative_lifecycle_management	*	From (including) 5.0	Up to (including) 6.0.6
	运行在以下环境
	应用	ibm	rational_doors_next_generation	*	From (including) 5.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_doors_next_generation	*	From (including) 6.0.0	Up to (including) 6.0.6
	运行在以下环境
	应用	ibm	rational_engineering_lifecycle_manager	*	From (including) 5.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_engineering_lifecycle_manager	*	From (including) 6.0	Up to (including) 6.0.6
	运行在以下环境
	应用	ibm	rational_quality_manager	*	From (including) 5.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_quality_manager	*	From (including) 6.0	Up to (including) 6.0.6
	运行在以下环境
	应用	ibm	rational_rhapsody_design_manager	*	From (including) 5.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_rhapsody_design_manager	*	From (including) 6.0	Up to (including) 6.0.6
	运行在以下环境
	应用	ibm	rational_software_architect_design_manager	*	From (including) 5.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_software_architect_design_manager	*	From (including) 6.0	Up to (including) 6.0.1
	运行在以下环境
	应用	ibm	rational_team_concert	*	From (including) 5.0	Up to (including) 5.0.2
	运行在以下环境
	应用	ibm	rational_team_concert	*	From (including) 6.0	Up to (including) 6.0.6
	运行在以下环境
	系统	oracle_7	atk	*		Up to (excluding) 3.28.5-4.el7

CWE-ID	漏洞类型
CWE-79	在Web页面生成时对输入的转义处理不恰当（跨站脚本）