First published: Thu Jul 19 2018(Updated: )
IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142291.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Rational Requirements Composer | >=5.0.0<=5.0.2 | |
IBM Rational DOORS Next Generation | >=5.0.0<=5.0.2 | |
IBM Rational DOORS Next Generation | >=6.0.0<=6.0.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2018-1529.
The severity level of CVE-2018-1529 is medium.
The affected software for CVE-2018-1529 is IBM Rational DOORS Next Generation versions 5.0 through 5.0.2 and 6.0 through 6.0.5, and IBM Rational Requirements Composer versions 5.0 through 5.0.2.
CVE-2018-1529 is a vulnerability in IBM Rational DOORS Next Generation and IBM Rational Requirements Composer that allows users to embed arbitrary JavaScript code in the Web UI, leading to potential cross-site scripting attacks.
Yes, you can find references for CVE-2018-1529 at the following links: [1](http://www.ibm.com/support/docview.wss?uid=ibm10717531), [2](http://www.securityfocus.com/bid/104928), [3](https://exchange.xforce.ibmcloud.com/vulnerabilities/142291).