Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4844A06EC5A415962BD76C339CD689E1D6BA659E59DE201F661CC7A36721D3AC
HistoryApr 28, 2021 - 6:35 p.m.

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Rational® Quality Manager

2021-04-2818:35:50
www.ibm.com
14

EPSS

0.001

Percentile

28.4%

JSON

Summary

IBM® Rational® Quality Manager is vulnerable to multiple security vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1396 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138429&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1523 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141804&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1549 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142658&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-1729 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134909&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-1738 DESCRIPTION: IBM Quality Manager (RQM) contains an undisclosed vulnerability that would allow an authenticated user to obtain elevated privileges.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134919&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-1791 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137036&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-1792 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137037&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-1793 DESCRIPTION: IBM Quality Manager (RQM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137038&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Rational Collaborative Lifecycle Management 5.0 - 6.0.5

Rational Quality Manager 6.0 - 6.0.5
Rational Quality Manager 5.0 - 5.0.2

Release 6.0.6 is not affected.

Remediation/Fixes

For the 6.0.x releases:

For the 5.x releases, upgrade to version 5.0.2 iFix26 or later

Workarounds and Mitigations

None

Related

cvelist 8
cve 8
nvd 8
prion 8
cvelist
cvelist
CVE-2017-1793
2018-07-06 00:00:00
CVE-2018-1396
2018-07-06 00:00:00
CVE-2017-1791
2018-07-06 00:00:00
cve
cve
CVE-2018-1396
2018-07-10 16:29:00
CVE-2017-1793
2018-07-10 16:29:00
CVE-2018-1523
2018-07-10 16:29:00
nvd
nvd
CVE-2018-1396
2018-07-10 16:29:00
CVE-2017-1793
2018-07-10 16:29:00
CVE-2017-1738
2018-07-10 16:29:00
prion
prion
Cross site scripting
2018-07-10 16:29:00
Cross site scripting
2018-07-10 16:29:00
Cross site scripting
2018-07-10 16:29:00

EPSS

0.001

Percentile

28.4%

JSON
Related for 4844A06EC5A415962BD76C339CD689E1D6BA659E59DE201F661CC7A36721D3AC
cvelist8cve8nvd8prion8