cnvd-2017-15917
Vulnerability from cnvd

Title: IBM Jazz Reporting Service跨站脚本漏洞(CNVD-2017-15917)

Description:

IBM Jazz Reporting Service(JRS)是美国IBM公司的一套用于发现跨项目报表的应用程序,它可与IBM Rational CLM的Rational解决方案(用于管理开发项目的所有生命周期)集成使用,CLM用户可在仪表板中访问JRS提供的报表,包括显示所有项目的状态,并跨应用程序、跨项目(甚至跨时间表)来汇聚数据。

IBM JRS中存在跨站脚本漏洞。远程攻击者可利用该漏洞向Web UI中注入任意的JavaScript代码。

Severity:

Patch Name: IBM Jazz Reporting Service跨站脚本漏洞(CNVD-2017-15917)的补丁

Patch Description:

IBM Jazz Reporting Service(JRS)是美国IBM公司的一套用于发现跨项目报表的应用程序,它可与IBM Rational CLM的Rational解决方案(用于管理开发项目的所有生命周期)集成使用,CLM用户可在仪表板中访问JRS提供的报表,包括显示所有项目的状态,并跨应用程序、跨项目(甚至跨时间表)来汇聚数据。

IBM JRS中存在跨站脚本漏洞。远程攻击者可利用该漏洞向Web UI中注入任意的JavaScript代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: http://www.ibm.com/support/docview.wss?uid=swg22001007

Reference: http://www.securityfocus.com/bid/99353

Impacted products
Name
['IBM Jazz Reporting Service(JRS) 6.0', 'IBM Jazz Reporting Service(JRS) 6.0.2', 'IBM Jazz Reporting Service(JRS) 6.0.1', 'IBM Jazz Reporting Service(JRS) 5.0', 'IBM Jazz Reporting Service(JRS) 5.0.1', 'IBM Jazz Reporting Service(JRS) 5.0.2', 'IBM Jazz Reporting Service(JRS) 6.0.3']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "99353"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9987"
    }
  },
  "description": "IBM Jazz Reporting Service\uff08JRS\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u53d1\u73b0\u8de8\u9879\u76ee\u62a5\u8868\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u53ef\u4e0eIBM Rational CLM\u7684Rational\u89e3\u51b3\u65b9\u6848\uff08\u7528\u4e8e\u7ba1\u7406\u5f00\u53d1\u9879\u76ee\u7684\u6240\u6709\u751f\u547d\u5468\u671f\uff09\u96c6\u6210\u4f7f\u7528\uff0cCLM\u7528\u6237\u53ef\u5728\u4eea\u8868\u677f\u4e2d\u8bbf\u95eeJRS\u63d0\u4f9b\u7684\u62a5\u8868\uff0c\u5305\u62ec\u663e\u793a\u6240\u6709\u9879\u76ee\u7684\u72b6\u6001\uff0c\u5e76\u8de8\u5e94\u7528\u7a0b\u5e8f\u3001\u8de8\u9879\u76ee\uff08\u751a\u81f3\u8de8\u65f6\u95f4\u8868\uff09\u6765\u6c47\u805a\u6570\u636e\u3002\r\n\r\nIBM JRS\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411Web UI\u4e2d\u6ce8\u5165\u4efb\u610f\u7684JavaScript\u4ee3\u7801\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.ibm.com/support/docview.wss?uid=swg22001007",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-15917",
  "openTime": "2017-07-20",
  "patchDescription": "IBM Jazz Reporting Service\uff08JRS\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u53d1\u73b0\u8de8\u9879\u76ee\u62a5\u8868\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u53ef\u4e0eIBM Rational CLM\u7684Rational\u89e3\u51b3\u65b9\u6848\uff08\u7528\u4e8e\u7ba1\u7406\u5f00\u53d1\u9879\u76ee\u7684\u6240\u6709\u751f\u547d\u5468\u671f\uff09\u96c6\u6210\u4f7f\u7528\uff0cCLM\u7528\u6237\u53ef\u5728\u4eea\u8868\u677f\u4e2d\u8bbf\u95eeJRS\u63d0\u4f9b\u7684\u62a5\u8868\uff0c\u5305\u62ec\u663e\u793a\u6240\u6709\u9879\u76ee\u7684\u72b6\u6001\uff0c\u5e76\u8de8\u5e94\u7528\u7a0b\u5e8f\u3001\u8de8\u9879\u76ee\uff08\u751a\u81f3\u8de8\u65f6\u95f4\u8868\uff09\u6765\u6c47\u805a\u6570\u636e\u3002\r\n\r\nIBM JRS\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411Web UI\u4e2d\u6ce8\u5165\u4efb\u610f\u7684JavaScript\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Jazz Reporting Service\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-15917\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Jazz Reporting Service\uff08JRS\uff09 6.0",
      "IBM Jazz Reporting Service\uff08JRS\uff09 6.0.2",
      "IBM Jazz Reporting Service\uff08JRS\uff09 6.0.1",
      "IBM Jazz Reporting Service\uff08JRS\uff09 5.0",
      "IBM Jazz Reporting Service\uff08JRS\uff09 5.0.1",
      "IBM Jazz Reporting Service\uff08JRS\uff09 5.0.2",
      "IBM Jazz Reporting Service\uff08JRS\uff09 6.0.3"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/99353",
  "serverity": "\u4f4e",
  "submitTime": "2017-07-05",
  "title": "IBM Jazz Reporting Service\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-15917\uff09"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.