Cross-Site Scripting Vulnerability in IBM Rational Software Architect and Rhapsody Design Manager
CVE-2018-1585

5.4 MEDIUM

Summary

A cross-site scripting vulnerability exists in IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager. This flaw allows malicious users to inject arbitrary JavaScript code into the web user interface, potentially altering its intended functionality and risking credential exposure during trusted sessions. Proper sanitization and user input validation measures should be implemented to mitigate this risk.

Affected Version(s)

Rational Rhapsody Design Manager 5.0

Rational Rhapsody Design Manager 5.0.2

Rational Rhapsody Design Manager 5.0.1

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved