Cross-Site Scripting Vulnerability in IBM Rational Publishing Engine
CVE-2018-1534
5.4MEDIUM
Summary
The IBM Rational Publishing Engine 6.0.5 and 6.0.6 versions are susceptible to cross-site scripting, enabling attackers to inject arbitrary JavaScript into the Web UI. This vulnerability can modify the application's intended functions, potentially compromising user credentials during a trusted session. For further insights, refer to IBM's X-Force ID: 142432 and additional documentation.
Affected Version(s)
Rational Publishing Engine 6.0.5
Rational Publishing Engine 6.0.6
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved