Cross-Site Scripting Vulnerability in IBM Rational Publishing Engine
CVE-2018-1534

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
12 October 2018

Summary

The IBM Rational Publishing Engine 6.0.5 and 6.0.6 versions are susceptible to cross-site scripting, enabling attackers to inject arbitrary JavaScript into the Web UI. This vulnerability can modify the application's intended functions, potentially compromising user credentials during a trusted session. For further insights, refer to IBM's X-Force ID: 142432 and additional documentation.

Affected Version(s)

Rational Publishing Engine 6.0.5

Rational Publishing Engine 6.0.6

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.