CVE-2018-1558: XSS
First published: Tue Oct 02 2018(Updated: )
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142956.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Collaborative Lifecycle Management | >=5.0<=6.0.6 | |
| IBM Rational DOORS Next Generation | >=5.0<=5.0.2 | |
| IBM Rational DOORS Next Generation | >=6.0.0<=6.0.6 | |
| IBM Rational Engineering Lifecycle Manager | >=5.0<=5.0.2 | |
| IBM Rational Engineering Lifecycle Manager | >=6.0<=6.0.6 | |
| IBM Rational Quality Manager | >=5.0<=5.0.2 | |
| IBM Rational Quality Manager | >=6.0<=6.0.6 | |
| IBM Rational Rhapsody Design Manager | >=5.0<=5.0.2 | |
| IBM Rational Rhapsody Design Manager | >=6.0<=6.0.6 | |
| IBM Rational Software Architect Design Manager | >=5.0<=5.0.2 | |
| IBM Rational Software Architect Design Manager | >=6.0<=6.0.1 | |
| IBM Rational Team Concert | >=5.0<=5.0.2 | |
| IBM Rational Team Concert | >=6.0<=6.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1558?
CVE-2018-1558 is a vulnerability in IBM Rational Collaborative Lifecycle Management that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
Which software versions are affected by CVE-2018-1558?
IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are affected by CVE-2018-1558.
How severe is CVE-2018-1558?
CVE-2018-1558 has a severity score of 5.4, indicating a medium-level vulnerability.
How can I fix CVE-2018-1558?
To fix CVE-2018-1558, users should update their IBM Rational Collaborative Lifecycle Management software to version 6.0.7 or later.
Where can I find more information about CVE-2018-1558?
You can find more information about CVE-2018-1558 on the Debian security tracker, the IBM support website, and the IBM X-Force Exchange.
- collector/security-tracker-debian
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm rational collaborative lifecycle management
- version/ibm rational collaborative lifecycle management/5.0
- version/ibm rational collaborative lifecycle management/6.0.6
- canonical/ibm rational doors next generation
- version/ibm rational doors next generation/5.0
- version/ibm rational doors next generation/5.0.2
- version/ibm rational doors next generation/6.0.0
- version/ibm rational doors next generation/6.0.6
- canonical/ibm rational engineering lifecycle manager
- version/ibm rational engineering lifecycle manager/5.0
- version/ibm rational engineering lifecycle manager/5.0.2
- version/ibm rational engineering lifecycle manager/6.0
- version/ibm rational engineering lifecycle manager/6.0.6
- canonical/ibm rational quality manager
- version/ibm rational quality manager/5.0
- version/ibm rational quality manager/5.0.2
- version/ibm rational quality manager/6.0
- version/ibm rational quality manager/6.0.6
- canonical/ibm rational rhapsody design manager
- version/ibm rational rhapsody design manager/5.0
- version/ibm rational rhapsody design manager/5.0.2
- version/ibm rational rhapsody design manager/6.0
- version/ibm rational rhapsody design manager/6.0.6
- canonical/ibm rational software architect design manager
- version/ibm rational software architect design manager/5.0
- version/ibm rational software architect design manager/5.0.2
- version/ibm rational software architect design manager/6.0
- version/ibm rational software architect design manager/6.0.1
- canonical/ibm rational team concert
- version/ibm rational team concert/5.0
- version/ibm rational team concert/5.0.2
- version/ibm rational team concert/6.0
- version/ibm rational team concert/6.0.6