Security Bulletin: Multiple Security Vulnerabilities affect IBM® Rational® Quality Manager

2021-04-2818:35:50

www.ibm.com

EPSS

0.001

Percentile

19.1%

JSON

Summary

IBM® Rational® Quality Manager is vulnerable to multiple security vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1603 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143793> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1602 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143792> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1604 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143794> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Rational Collaborative Lifecycle Management 5.0 - 6.0.6

Rational Quality Manager 6.0 - 6.0.6
Rational Quality Manager 5.0 - 5.0.2

Remediation/Fixes

For the 6.0.x releases:

Or version 6.0.6 iFix003 or later
- Rational Quality Manager 6.0.6 iFix003
Or version 6.0.5 iFix008 or later (For CVE-2018-1604 and CVE-2018-1602)
- Rational Quality Manager 6.0.5 iFix008
Or version 6.0.2 iFix018 or later
- Rational Quality Manager 6.0.2 iFix018

For the 5.x releases, upgrade to version 5.0.2 iFix27 or later

Rational Quality Manager 5.0.2 iFix27

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm engineering lifecycle management baseeq5.0.
ibm engineering lifecycle management baseeq6.0
ibm engineering lifecycle management baseeq6.0.1
ibm engineering lifecycle management baseeq6.0.2
ibm engineering lifecycle management baseeq6.0.3
ibm engineering lifecycle management baseeq6.0.4
ibm engineering lifecycle management baseeq6.0.5
ibm engineering lifecycle management baseeq6.0.6
ibm engineering test managementeq5.0.
ibm engineering test managementeq6.0

Name	Operator	Version
ibm engineering lifecycle management base	eq	5.0.
ibm engineering lifecycle management base	eq	6.0
ibm engineering lifecycle management base	eq	6.0.1
ibm engineering lifecycle management base	eq	6.0.2
ibm engineering lifecycle management base	eq	6.0.3
ibm engineering lifecycle management base	eq	6.0.4
ibm engineering lifecycle management base	eq	6.0.5
ibm engineering lifecycle management base	eq	6.0.6
ibm engineering test management	eq	5.0.
ibm engineering test management	eq	6.0

Rows per page:

1-10 of 161

EPSS

0.001

Percentile

19.1%

JSON

Related for 1F885C7CF2FEADBCC5E78A2BBF5E10D321520CFF3481DD46403DC2C864091858