Cross-Site Scripting Vulnerability in IBM Rational Publishing Engine
CVE-2018-1533
5.4MEDIUM
Summary
The IBM Rational Publishing Engine versions 6.0.5 and 6.0.6 are susceptible to a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code through the Web UI. This flaw can disrupt the intended functionality of the application, potentially allowing malicious users to disclose confidential credentials during active user sessions within a trusted environment. Users and organizations utilizing these specific versions should take immediate action to mitigate the risks associated with this vulnerability.
Affected Version(s)
Rational Publishing Engine 6.0.5
Rational Publishing Engine 6.0.6
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved