Cross-Site Scripting Vulnerability in IBM Rational Publishing Engine
CVE-2018-1533

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
12 October 2018

Summary

The IBM Rational Publishing Engine versions 6.0.5 and 6.0.6 are susceptible to a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code through the Web UI. This flaw can disrupt the intended functionality of the application, potentially allowing malicious users to disclose confidential credentials during active user sessions within a trusted environment. Users and organizations utilizing these specific versions should take immediate action to mitigate the risks associated with this vulnerability.

Affected Version(s)

Rational Publishing Engine 6.0.5

Rational Publishing Engine 6.0.6

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.