Cross-Site Scripting Vulnerability in IBM Rational Rhapsody and Software Architect
CVE-2018-1536

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Rational Software Architect Design Manager
Rational Rhapsody Design Manager
Vendor
CVE Published:
19 July 2018

Summary

IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager are susceptible to cross-site scripting vulnerabilities that allow attackers to inject arbitrary JavaScript code through the Web UI. This flaw could potentially compromise user sessions and lead to the unauthorized disclosure of user credentials, undermining the integrity and security of trusted communications.

Affected Version(s)

Rational Rhapsody Design Manager 5.0

Rational Rhapsody Design Manager 5.0.2

Rational Rhapsody Design Manager 5.0.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/142558
vdb-entryx_refsource_XF
http://www.ibm.com/support/docview.wss?uid=ibm10716029
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.