Cross-Site Scripting in IBM Rational Design Manager and Software Architect
CVE-2018-1535

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Rational Rhapsody Design Manager; Rational Software Architect Design Manager
Vendor: CVE Published:; 19 July 2018

Summary

IBM Rational Rhapsody Design Manager and Rational Software Architect are susceptible to a cross-site scripting vulnerability. This flaw permits attackers to inject arbitrary JavaScript code through the Web UI, potentially compromising user sessions and resulting in unauthorized access to sensitive information. It is crucial for users of these IBM products to apply the latest updates and patches to mitigate the risk of exploitation.

Affected Version(s)

Rational Rhapsody Design Manager 5.0

Rational Rhapsody Design Manager 5.0.2

Rational Rhapsody Design Manager 5.0.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/142557

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=ibm10716029

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 19, 2018
Vulnerability Reserved
Dec 13, 2017