PatchSiren cyber security CVE debrief
CVE-2016-6055 IBM CVE debrief
CVE-2016-6055 is a cross-site scripting issue in IBM Rational DOORS Next Generation; IBM describes versions 4.0, 5.0, and 6.0 as affected. The flaw can let users embed arbitrary JavaScript in the Web UI, altering the application's intended behavior and potentially exposing credentials within a trusted session. NVD classifies it as CWE-79 with CVSS 3.0 vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, which is consistent with a web XSS risk that depends on user interaction.
- Vendor: IBM
- Product: CVE-2016-6055
- CVSS: MEDIUM 5.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-23
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-23
- Advisory updated: 2026-05-13
Who should care
Administrators, application security teams, and users of IBM Rational DOORS Next Generation or Rational Requirements Composer deployments that allow shared Web UI content or user-supplied rendering should review this issue. It is especially relevant where privileged users routinely access the application in trusted browser sessions.
Technical summary
The official sources describe a web cross-site scripting weakness that allows arbitrary JavaScript injection through the Web UI. Injected script can alter intended functionality and may expose sensitive information in the context of an authenticated session. NVD maps the weakness to CWE-79 and lists affected CPEs for Rational DOORS Next Generation 5.0, 5.0.0, 5.0.1, 5.0.2, 6.0.0, 6.0.1, 6.0.2, and Rational Requirements Composer 4.0.1 through 4.0.7. IBM's advisory reference is 1995515.
Defensive priority
Medium. Patch or remediate promptly if any affected IBM Rational deployment is in use, because the issue can be triggered in a browser context and may expose data inside a trusted session.
Recommended defensive actions
- Apply the IBM fix or mitigation described in the vendor advisory (reference 1995515).
- Verify whether any deployed IBM Rational DOORS Next Generation or Rational Requirements Composer version matches the affected CPE ranges in the NVD record.
- Review Web UI input handling and rendering paths to ensure user-supplied content is properly encoded or sanitized to prevent XSS.
- Limit exposure of sensitive browser sessions by encouraging reauthentication after remediation and by reducing unnecessary access to affected instances.
- Validate that updated systems no longer accept or render script-injectable content in the affected UI workflows.
Evidence notes
Evidence is limited to the supplied official sources: the NVD CVE detail, the CVE.org record, the NVD source item, and IBM's vendor advisory reference. The CVE was published on 2017-02-23 and the NVD record was modified on 2026-05-13. IBM's description states the issue affects Rational DOORS Next Generation 4.0, 5.0, and 6.0, while NVD enumerates vulnerable CPEs for Rational DOORS Next Generation 5.0.x and 6.0.x plus Rational Requirements Composer 4.0.1-4.0.7.
Official resources
- CVE-2016-6055 CVE record (CVE.org)
- CVE-2016-6055 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (Patch, Vendor Advisory)
CVE published 2017-02-23; NVD record modified 2026-05-13. IBM advisory reference: 1995515.