May 10, 2019 - 9:00 p.m.

Security Bulletin: Rational DOORS Web Access is affected by a cross-site scripting vulnerability

2019-05-10 21:00:01
www.ibm.com

EPSS: 0.001 (Low), Percentile: 19.8%

Summary

Rational DOORS Web Access is affected by a cross-site scripting vulnerability.

Vulnerability Details

CVEID: CVE-2018-1975
DESCRIPTION: IBM DWA is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153916> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Rational DOORS Web Access: 9.5.1 - 9.5.1.10
Rational DOORS Web Access: 9.5.2 - 9.5.2.9
Rational DOORS Web Access: 9.6.0 - 9.6.0.8
Rational DOORS Web Access: 9.6.1 - 9.6.1.11

Remediation/Fixes

Upgrade to the fix pack that corresponds to the version of Rational DOORS Web Access that you are running, as shown in the following table.

| Rational DOORS version | Upgrade to fix pack |
| --- | --- |
| 9.5.1, 9.5.1.1 - 9.5.1.10 | 9.5.1.11 |
| 9.5.2, 9.5.2.1 - 9.5.2.9 | 9.5.2.10 |
| 9.6.0, 9.6.0.1 - 9.6.0.8 | 9.6.0.9 |
| 9.6.1, 9.6.1.1 - 9.6.1.11 | 9.6.1.12 |

_For Rational DOORS version 9.5.1.x and earlier, IBM recommends upgrading to a fixed, supported version/release/platform of the product._
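An added example (not part of IBM's bulletin) that triages an inventory of installed Rational DOORS Web Access versions against the ranges and fix packs listed above. It compares version components numerically, since a plain string comparison would sort 9.5.1.10 before 9.5.1.9. The host names and installed versions are constructed, and the dotted three- or four-part version format is an assumption.

```python
# Added example: ranges and fix packs are copied from the bulletin above;
# host names and installed versions are constructed sample data.

# release line -> (last affected fix-pack number, fix pack to upgrade to)
AFFECTED = {
    (9, 5, 1): (10, "9.5.1.11"),
    (9, 5, 2): (9, "9.5.2.10"),
    (9, 6, 0): (8, "9.6.0.9"),
    (9, 6, 1): (11, "9.6.1.12"),
}

def parse_version(text):
    """Turn '9.5.1.10' into (9, 5, 1, 10); a bare '9.6.1' means fix pack 0."""
    fields = text.strip().split(".")
    if not 3 <= len(fields) <= 4 or not all(f.isdigit() for f in fields):
        raise ValueError(f"unexpected version format: {text!r}")
    parts = [int(f) for f in fields]
    if len(parts) == 3:
        parts.append(0)
    return tuple(parts)

def triage(version_text):
    """Return (status, upgrade_to) for one installed version."""
    *line, fix_pack = parse_version(version_text)
    entry = AFFECTED.get(tuple(line))
    if entry is None:
        # Release line is not in the bulletin's table; needs manual review.
        return ("not-listed", None)
    last_affected, upgrade_to = entry
    if fix_pack <= last_affected:
        return ("affected", upgrade_to)
    # At or above the fix pack the bulletin names for this release line.
    return ("fix-pack-or-later", None)

# Constructed inventory: host -> installed DWA version
INVENTORY = {
    "dwa-prod-01": "9.5.1.10",
    "dwa-prod-02": "9.6.1",
    "dwa-test-01": "9.6.0.9",
    "dwa-lab-01": "9.7.0.1",
}

def report(inventory):
    """Triage every host in the inventory."""
    return {host: triage(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, (status, upgrade_to) in sorted(report(INVENTORY).items()):
        action = f"upgrade to {upgrade_to}" if upgrade_to else "no fix pack listed"
        print(f"{host}: {INVENTORY[host]} -> {status} ({action})")
```
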

Workarounds and Mitigations

None
