Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF9EA2A1C16B00215B8E1EB620762B58E2F23C10A2D517F32B59E235E496D2C3F
HistoryApr 28, 2021 - 6:35 p.m.

Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for cross-site scripting attack

2021-04-2818:35:50
www.ibm.com
6

0.001 Low

EPSS

Percentile

25.4%

JSON

Summary

Vulnerabilities in Rational DOORS Next Generation with potential for cross-site scripting attack

Vulnerability Details

CVEID: CVE-2018-1731 DESCRIPTION: IBM DOORS Next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 4.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147710&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-1913 DESCRIPTION: IBM DOORS Next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152737&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Rational DOORS Next Generation 5.0 - 5.0.2

Rational DOORS Next Generation 6.0 - 6.0.6

Remediation/Fixes

For Rational DOORS Next Generation 5.0.2, a fix is available by upgrading to 5.0.2 iFix029 or later
Rational DOORS Next Generation 5.0.2 iFix029

For Rational DOORS Next Generation 6.0.2, a fix is available by upgrading to 6.0.2 iFix019 or later
Rational DOORS Next Generation 6.0.2 iFix019

For Rational DOORS Next Generation 6.0.4, a fix is available by upgrading to 6.0.4 iFix012 or later
Rational DOORS Next Generation 6.0.4 iFix012

For Rational DOORS Next Generation 6.0.5, a fix is available by upgrading to 6.0.5 iFix010 or later
Rational DOORS Next Generation 6.0.5 iFix010

For Rational DOORS Next Generation 6.0.6, a fix is available by upgrading to 6.0.6 iFix005 or later
Rational DOORS Next Generation 6.0.6 iFix005

For any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

If the iFix is not found in the iFix Portal please contact IBM support.

Workarounds and Mitigations

None

Related

nvd 2
prion 2
cvelist 2
cve 2
nvd
nvd
CVE-2018-1913
2019-04-03 14:29:00
CVE-2018-1731
2019-04-03 14:29:00
prion
prion
Cross site scripting
2019-04-03 14:29:00
Cross site scripting
2019-04-03 14:29:00
cvelist
cvelist
CVE-2018-1913
2019-04-01 00:00:00
CVE-2018-1731
2019-04-01 00:00:00
cve
cve
CVE-2018-1731
2019-04-03 14:29:00
CVE-2018-1913
2019-04-03 14:29:00

0.001 Low

EPSS

Percentile

25.4%

JSON
Related for F9EA2A1C16B00215B8E1EB620762B58E2F23C10A2D517F32B59E235E496D2C3F
nvd2prion2cvelist2cve2