Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack.
CVEID: CVE-2018-1507**
DESCRIPTION:** IBM DOORS Next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141415> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N))
Rational DOORS Next Generation 6.0.5
For Rational DOORS Next Generation 6.0.5, a fix is available by upgrading to 6.0.5 iFix005 or later
Rational DOORS Next Generation 6.0.5 iFix005
If the iFix is not found in the iFix Portal please contact IBM support.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm engineering lifecycle management base | eq | any | |
ibm engineering requirements management doors next | eq | 6.0.5 |