CVE-2018-1535: XSS
First published: Thu Jul 19 2018(Updated: )
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124557.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Rhapsody Design Manager | >=5.0<=5.0.2 | |
| IBM Rational Rhapsody Design Manager | >=6.0<=6.0.5 | |
| IBM Rational Software Architect Design Manager | >=5.0<=5.0.2 | |
| IBM Rational Software Architect Design Manager | >=6.0<=6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager?
The vulnerability ID for IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager is CVE-2018-1535.
What is the severity of CVE-2018-1535?
The severity of CVE-2018-1535 is medium.
What is the affected software for CVE-2018-1535?
The affected software for CVE-2018-1535 includes IBM Rational Rhapsody Design Manager versions 5.0 through 5.0.2 and 6.0 through 6.0.5, and IBM Rational Software Architect Design Manager versions 5.0 through 5.0.2 and 6.0 through 6.0.1.
What is the vulnerability type of CVE-2018-1535?
The vulnerability type of CVE-2018-1535 is cross-site scripting (XSS).
How can I mitigate the vulnerability in IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager?
To mitigate the vulnerability in IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager, it is recommended to apply the necessary security patches or updates provided by IBM and follow the instructions provided in the official IBM security advisory.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm rational rhapsody design manager
- version/ibm rational rhapsody design manager/5.0
- version/ibm rational rhapsody design manager/5.0.2
- version/ibm rational rhapsody design manager/6.0
- version/ibm rational rhapsody design manager/6.0.5
- canonical/ibm rational software architect design manager
- version/ibm rational software architect design manager/5.0
- version/ibm rational software architect design manager/5.0.2
- version/ibm rational software architect design manager/6.0
- version/ibm rational software architect design manager/6.0.1