CVE-2018-1535
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
19/07/2018
Last modified:
09/10/2019
Description
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124557.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:* | 5.0 (including) | 5.0.2 (including) |
| cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:* | 6.0 (including) | 6.0.5 (including) |
| cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:* | 5.0 (including) | 5.0.2 (including) |
| cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:* | 6.0 (including) | 6.0.1 (including) |
To consult the complete list of CPE names with products and versions, see this page