Cross-Site Scripting Vulnerability in IBM Rational Software Architect and Rhapsody Design Manager
CVE-2018-1585

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Rational Software Architect Design Manager; Rational Rhapsody Design Manager
Vendor: CVE Published:; 19 July 2018

Summary

A cross-site scripting vulnerability exists in IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager. This flaw allows malicious users to inject arbitrary JavaScript code into the web user interface, potentially altering its intended functionality and risking credential exposure during trusted sessions. Proper sanitization and user input validation measures should be implemented to mitigate this risk.

Affected Version(s)

Rational Rhapsody Design Manager 5.0

Rational Rhapsody Design Manager 5.0.2

Rational Rhapsody Design Manager 5.0.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/143498

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=ibm10716029

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 19, 2018
Vulnerability Reserved
Dec 13, 2017