Jul 16, 2018 - 3:33 p.m.

Security Bulletin: Multiple vulnerabilities affect IBM Rational Design Manager products

2018-07-16 15:33:01
www.ibm.com

EPSS: 0.0005 (Low), Percentile: 18.2%

Summary

Multiple vulnerabilities affect the following IBM Rational products: Rational Rhapsody Design Manager (Rhapsody DM) and Rational Software Architect Design Manager (RSA DM).

Vulnerability Details

CVEID: CVE-2018-1400
DESCRIPTION: IBM Rhapsody DM is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138436> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1535
DESCRIPTION: IBM Rhapsody DM is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142557> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1536
DESCRIPTION: IBM Rhapsody DM is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142558> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1585
DESCRIPTION: IBM Rhapsody DM is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143498> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1587
DESCRIPTION: IBM Rhapsody DM could reveal technical error messages that allow an adversary to gain information about the application and database, which could be used to conduct further attacks.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143500> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Rational Rhapsody Design Manager 5.0 - 5.0.2
Rational Rhapsody Design Manager 6.0 - 6.0.5

Rational Software Architect Design Manager 5.0 - 5.0.2
Rational Software Architect Design Manager 6.0 - 6.0.1

Remediation/Fixes

For 6.0 - 6.0.5 releases:

  • Upgrade to version 6.0.6 or later:

<https://jazz.net/downloads/design-management/releases/6.0.6>

  • Or upgrade to version 6.0.5 iFix6 or later:

<https://jazz.net/downloads/design-management/releases/6.0.5iFix6>

  • Or upgrade to version 6.0.4 iFix9 or later:

<https://jazz.net/downloads/design-management/releases/6.0.4iFix9>

For updates about Rational Software Architect Design Manager, contact IBM support.

For any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None
