Cross-Site Scripting Vulnerability in IBM Rational Software Architect and Rhapsody Design Manager
CVE-2018-1585
5.4 MEDIUM
Key Information:
- Vendor: IBM
- CVE Published: 19 July 2018
Summary
A cross-site scripting vulnerability exists in IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager. This flaw allows malicious users to inject arbitrary JavaScript code into the web user interface, potentially altering its intended functionality and risking credential exposure during trusted sessions. Proper sanitization and user input validation measures should be implemented to mitigate this risk.
Affected Version(s)
Rational Rhapsody Design Manager 5.0
Rational Rhapsody Design Manager 5.0.2
Rational Rhapsody Design Manager 5.0.1
CVSS V3.1
- Score: 5.4
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved