Cross-Site Scripting in IBM Rational Design Manager and Software Architect
CVE-2018-1535

5.4MEDIUM

Key Information:

Summary

IBM Rational Rhapsody Design Manager and Rational Software Architect are susceptible to a cross-site scripting vulnerability. This flaw permits attackers to inject arbitrary JavaScript code through the Web UI, potentially compromising user sessions and resulting in unauthorized access to sensitive information. It is crucial for users of these IBM products to apply the latest updates and patches to mitigate the risk of exploitation.

Affected Version(s)

Rational Rhapsody Design Manager 5.0

Rational Rhapsody Design Manager 5.0.2

Rational Rhapsody Design Manager 5.0.1

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.