First published: Thu Jul 19 2018
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124557.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Rational Rhapsody Design Manager | >=5.0, <=5.0.2 | |
IBM Rational Rhapsody Design Manager | >=6.0, <=6.0.5 | |
IBM Rational Software Architect Design Manager | >=5.0, <=5.0.2 | |
IBM Rational Software Architect Design Manager | >=6.0, <=6.0.1 | |
The vulnerability ID for IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager is CVE-2018-1535.
The severity of CVE-2018-1535 is medium.
The affected software for CVE-2018-1535 includes IBM Rational Rhapsody Design Manager versions 5.0 through 5.0.2 and 6.0 through 6.0.5, and IBM Rational Software Architect Design Manager versions 5.0 through 5.0.2 and 6.0 through 6.0.1.
The vulnerability type of CVE-2018-1535 is cross-site scripting (XSS).
To mitigate the vulnerability in IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager, apply the security patches or updates provided by IBM and follow the instructions in the official IBM security advisory.