CVE-2018-1536: XSS
First published: Thu Jul 19 2018(Updated: )
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142558.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Rhapsody Design Manager | >=5.0<=5.0.2 | |
| IBM Rational Rhapsody Design Manager | >=6.0<=6.0.5 | |
| IBM Rational Software Architect Design Manager | >=5.0<=5.0.2 | |
| IBM Rational Software Architect Design Manager | >=6.0<=6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2018-1536.
Which products are affected by this vulnerability?
IBM Rational Rhapsody Design Manager versions 5.0 through 5.0.2 and 6.0 through 6.0.5, and IBM Rational Software Architect Design Manager versions 5.0 through 5.0.2 and 6.0 through 6.0.1 are affected.
What is the severity rating of CVE-2018-1536?
CVE-2018-1536 has a severity rating of 5.4 (medium).
What is the CWE category of this vulnerability?
The CWE category of this vulnerability is CWE-79.
How can I fix the cross-site scripting vulnerability in IBM Rational Rhapsody Design Manager and Rational Software Architect Design Manager?
To fix the cross-site scripting vulnerability, update IBM Rational Rhapsody Design Manager to version 5.0.3 or later, Rational Software Architect Design Manager to version 6.0.2 or later, or apply the recommended patches provided by IBM.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/remedy
- agent/tags
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm rational rhapsody design manager
- version/ibm rational rhapsody design manager/5.0
- version/ibm rational rhapsody design manager/5.0.2
- version/ibm rational rhapsody design manager/6.0
- version/ibm rational rhapsody design manager/6.0.5
- canonical/ibm rational software architect design manager
- version/ibm rational software architect design manager/5.0
- version/ibm rational software architect design manager/5.0.2
- version/ibm rational software architect design manager/6.0
- version/ibm rational software architect design manager/6.0.1